Acunetix WVS will be exhibited at the 2011 Globaltek Security Conference — held on the 26th of October 2011 at the Hotel Dann Carlton in Bogotá, Colombia. Entry to the conference is free of charge, and the topics covered are guaranteed to be of interest to both…
PHP Security Directive: Your Website is Showing PHP Errors
With the display_error PHP configuration directive enabled, untrusted sources can see detailed web application environment error messages which include sensitive information that can be used to craft further attacks. Attackers will do anything to collect information in order to design their attack in a more sophisticated way…
VIDEO: How Cross-Site Scripting (XSS) Works
XSS vulnerabilities (Cross-Site Scripting vulnerabilities) are often overshadowed by their big cousin, the infamous SQL Injection. This does not make them any less effective or deadly. XSS and SQL Injection attacks are similar in the way they inject malicious code. The difference is that an…
Your WordPress Database Table Prefix Is Not Secure
Prefixes are given to table names so they cannot be easily guessed by a hacker or malicious user. When guessed, the default database table prefix can make life easy for a hacker and enable attacks (like SQL Injection) to be easier to execute successfully. By…
Improving Web Security by Working With What You’ve Got
As I wrote about in a previous post, we’re in the era of cutting back – if not completely eliminating – all non-essential expenditures. The thing is what may seem to be non-essential to management may actually be essential to the business. There could just be…
Acunetix Web Vulnerability Scanner Version 7 build 20111005
An updated build of Acunetix Web Vulnerability Scanner Version 7 was released. This new build, numbered 20111005, includes two new features (support for a wider variety of web applications), a good number of improvements to the PHP AcuSensor technology, and also a minor bug fix….
Explaining the “why” of Web application security
Looking at the bigger picture of application security it seems that no one else really hears us. Sure, product managers, marketing, legal, HR and even certain people in management say they understand what’s at stake. But are they really on board? Business leaders have learned…
How To Tell If You Own a Hacked Website
When it comes to computer hacking and Internet data breaches the news media and filmmakers tend to sensationalize and over-produce what really happens. To the average person, they create the perception that a hacked website will cause the user’s computer to blip and bleep, video…
SQL Injection – The Web Flaw That Keeps on Giving
It’s hard to believe, but SQL injection as we know it has been around for 13 years. Yet, SQL injection is as prevalent as ever as highlighted in The 2011 Mid-Year Top Cyber Security Risks Report. Back in the dot-com era of 1998-99, you may…