Web Security – Articles

  • DOM Based Cross-Site Scripting Vulnerability
    Acunetix, December 2010 – While a traditional cross-site scripting vulnerability is introduced by server-side code that echoes untrusted input into the page, document object model (DOM) based cross-site scripting is a variant introduced by client-side script: the browser-side code reads attacker-controlled data (for example from the URL) and writes it into the document without proper handling, so the flaw never appears in the server's response.
  • Impact of Cross-Site Scripting Vulnerabilities on Social Networking Sites – XSS on Facebook
    Acunetix, July 2010 – We trust social networking websites to reflect the public image that we want to portray, and sometimes even trust them with secrets. A single cross-site scripting flaw allows attackers to do anything (that the victim may do) on behalf of the victim. In this article we look at how accounts on the most popular social networking website on the internet, Facebook, could be compromised through such a simple, yet effective vulnerability.
  • Apache Web Server Security
    Acunetix, March 2010 – With over 100 million websites and web applications hosted on Apache, the Apache web server is the most widely used web server software on the internet. As with any software, a default installation of Apache is not hardened and will be a target for malicious users. Read how to secure an Apache web server installation and learn about the common mistakes that can be the source of a disastrous attack.
  • IIS Web Server Security
    Acunetix, March 2010 – Microsoft IIS is one of the most widely used web server software packages today. Read how to secure the IIS web server configuration and learn about the common mistakes that lead to web server security issues and give an attacker a foothold.
  • Web Server Security and Database Server Security
    Acunetix, September 2009 – If your servers or web applications are compromised, attackers can reach your back-end data even when your firewall is configured correctly and your operating system and applications are fully patched.
    Read how you can improve your web server security and learn from past breaches in which attackers got in even though everything around the website was secured.
  • Keeping Web Hacking at Bay with Acunetix – How to Avoid a Hacker Attack on your Website
    Acunetix, November 2008 – This article describes why hackers may want to attack your website: today websites are not hacked just to steal data but for many other reasons, some of which can lead to legal action against you even though you are the victim. It also explains how to prevent such attacks.
  • Cross Site Scripting – The Underestimated Exploit
    Acunetix, September 2007 – This article describes the cross-site scripting vulnerability, explains how it comes about, and offers a solution to prevent it.
  • Microsoft UK Events Website Hacked
    Acunetix, July 2007 – This article explains how the Microsoft UK Events website got hacked. It describes step by step how, by taking advantage of an SQL injection flaw in unfiltered parameters, the hacker known as “rEmOtE” got to see the database passwords, proceeded with the attack and defaced Microsoft UK’s website. If you are a web developer, a pen tester or in any way involved in building and securing web pages, this is a must-read article.
  • PCI Compliance (Payment Card Industry Data Security Standard)
    Acunetix, April 2007 – If your business accepts payment by credit card, compliance with the PCI security standard is a requirement. Read which PCI DSS requirements Acunetix helps you meet, and how.
  • The True Nature of Web Application Security: The Role and Function of Black Box Scanners
    Acunetix, February 2007 – In this article the author explains how important it is to have secure web applications and, drawing on real incidents, gives examples of why web applications should be secured. He also explains the important role black box scanners play in keeping web applications secure.
  • Web Applications: What are They? What of Them?
    Acunetix, February 2007 – Over the past decade or so, the web has been embraced by millions of businesses as an inexpensive channel to communicate with customers via web applications. But what exactly are web applications, and does the additional information they make available bring new security problems and more targets for malicious users?
  • Web Hacking: An Underestimated Threat
    Acunetix, February 2007 – Just because you think your data is safe does not mean your database of sensitive organisational information has not already been cloned and is sitting elsewhere, ready to be sold to the highest bidder. Hacking of websites and theft of online data is part of everyday life and it costs companies a lot of money. Companies lose their reputation, and some go out of business, simply because they were the victim of an attack. Read this article and find out real facts about hacking!
  • Ajax Security: Are AJAX Applications Vulnerable to Hack Attacks?
    Acunetix, February 2007 – While AJAX increases interactivity, speed and usability, it also brings new security issues. Read more about the issues AJAX applications introduce and how they can be avoided.
  • How to Check for SQL Injection Vulnerabilities
    Acunetix, January 2007 – Securing your website and web applications against SQL injection is a three-part process: analysing the present state, following secure coding best practices, and regularly performing a website security audit.
  • PHP / SQL Security – Part 6
    Acunetix, December 2006 – In this final part of a series of six articles, the author covers session management and also takes readers through a brief look at security modules for Apache and running multiple server instances.
  • Web Application Security – Check your Site for Web Application Vulnerabilities
    Acunetix, December 2006 – As more businesses adopt web-based technologies for conducting business online, they expose their data to more and more people each day, and their online presence makes them an attractive target for hackers. Read more to find out how important it is to secure your web applications, and how to do it.
  • SQL Injection: What is it?
    Acunetix, November 2006 – This article contains an in-depth explanation of what SQL injection is: one of the most common application-layer attack techniques in use today. Rich with well-explained examples, it is a must-read.
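As an added example for the two SQL injection entries above (it is not code from the Acunetix articles), the following Python script uses the standard library's sqlite3 module against an in-memory database to contrast a login query built by string formatting with the same query written with bound parameters. The table, the users and the payloads are constructed for the demonstration; passwords are kept in clear text only to keep the example short.

```python
import sqlite3

# Constructed sample data for the demonstration (not real credentials).
SAMPLE_USERS = [("alice", "s3cret"), ("bob", "hunter2"), ("carol", "pa55")]


def make_db() -> sqlite3.Connection:
    """Create an in-memory database with a small users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)"
    )
    # Bound parameters here too: never interpolate data into SQL text.
    conn.executemany("INSERT INTO users (username, password) VALUES (?, ?)", SAMPLE_USERS)
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> list:
    """Builds the query by string formatting: user input becomes SQL syntax."""
    query = (
        "SELECT username FROM users WHERE username = '%s' AND password = '%s' "
        "ORDER BY username" % (username, password)
    )
    return [row[0] for row in conn.execute(query)]


def login_safe(conn: sqlite3.Connection, username: str, password: str) -> list:
    """Same query with placeholders: the driver keeps data and code separate."""
    query = (
        "SELECT username FROM users WHERE username = ? AND password = ? "
        "ORDER BY username"
    )
    return [row[0] for row in conn.execute(query, (username, password))]


# Two classic payloads. The tautology goes in the password field because
# AND binds tighter than OR; placed in the username field it would be
# neutralised by the password comparison.
PAYLOAD_TAUTOLOGY = "' OR '1'='1"
PAYLOAD_COMMENT = "alice'--"   # -- comments out the rest of the statement


def demo() -> dict:
    """Run both payloads against both implementations and collect the rows."""
    conn = make_db()
    return {
        "vulnerable_tautology": login_vulnerable(conn, "admin", PAYLOAD_TAUTOLOGY),
        "safe_tautology": login_safe(conn, "admin", PAYLOAD_TAUTOLOGY),
        "vulnerable_comment": login_vulnerable(conn, PAYLOAD_COMMENT, "wrong"),
        "safe_comment": login_safe(conn, PAYLOAD_COMMENT, "wrong"),
        "legit": login_safe(conn, "bob", "hunter2"),
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print(f"{name:22} -> {rows}")
```

The vulnerable version returns every user for the tautology payload and logs the comment payload in as alice without a password; the parameterised version returns nothing for either, because the payload is compared as a literal string rather than parsed as SQL.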
  • Web Security Scanning
    Acunetix, October 2006 – Web security is not just about writing secure web application code; everything around the website, such as the database servers, must also be secured. In this article the author discusses web security scanning trends and how to scan your web application's entry points as a hacker would.
  • PHP / SQL Security – Part 5
    Acunetix, October 2006 – This article describes in detail PHP safe mode: a generic set of options and restrictions applied to the whole of PHP, restricting file access, preventing operations with severe security implications, and improving the security of multi-user hosting environments. (Note that safe mode was deprecated in PHP 5.3 and removed in PHP 5.4, so it is not available on current PHP versions.)
  • PHP / SQL Security – Part 4
    Acunetix, July 2006 – In this article the author wraps up the discussion of PHP file handling. Read about file uploads and how to implement them securely when a PHP website needs them.
  • The JavaScript Engine of Acunetix WVS
    Acunetix, May 2006 – This article describes how the Acunetix Client Script Analyzer works and shows why a web application security scanner needs such a tool. It helps automate scanning and ensures that the whole website is crawled, leaving no hidden documents or areas of the site undiscovered.
  • PHP / SQL Security – Part 3
    Acunetix, April 2006 – This article looks at controlling file access within PHP. The author explains in detail how file handling should be done securely in PHP, how UNIX file permissions work, and how important it is to secure every aspect of your website, not just the network around it.
  • Cross Site Scripting Attack
    Acunetix, February 2006 – Cross-site scripting is one of the most common web application vulnerabilities and accounts for a large share of website compromises. In this article you can learn more about it through real-life examples, learn how to scan a website to find such flaws, and learn how to prevent them.
  • PHP Security / SQL Security – Part 2
    Acunetix, February 2006 – In this second part of the series the author explains how important it is to handle SQL queries properly, and anything else that touches PHP development and databases. He goes into detail on SQL injection, database ownership and permissions, non-string variables, file permissions, making database connections and much more.
  • PHP Security / SQL Security – Part 1
    Acunetix, February 2006 – This article lists the attacks that insecure PHP coding can lead to, such as SQL injection, directory traversal, XSS and many other issues. It also explains in detail why validating user input matters, how to do it, and how to check for PHP vulnerabilities.
  • Google Hacking
    Acunetix, February 2006 – Google hacking is the use of search engines to find exploitable targets and sensitive data. This article covers Google hacking techniques, what hackers usually look for, and how to prevent such exposure. It also explains how Acunetix WVS checks your website using Google hacking techniques so that the leaks can be closed.
  • CRLF Injection Attack
    Acunetix, February 2006 – In this article the author explains what CRLF injection is, how to detect it, and how a malicious user can exploit it. The article also contains well-explained examples of actual CRLF injection attacks.
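As an added example (not code from the Acunetix article), the following Python script shows why a carriage return plus line feed in a user-supplied header value matters. It builds a raw HTTP redirect the way a naive handler would, parses the result as a client would, and then applies the validation a hardened handler needs. The status line, header names and payloads are all constructed for the demonstration.

```python
CRLF = "\r\n"


def build_redirect_vulnerable(location: str) -> str:
    """Write a user-supplied value straight into a response header.

    If the value contains CR/LF, the attacker terminates the Location header
    and appends headers (or a whole body) of their choosing.
    """
    return "HTTP/1.1 302 Found" + CRLF + "Location: " + location + CRLF + CRLF


def header_value_is_safe(value: str) -> bool:
    """Reject any value carrying a raw CR, LF or NUL before it reaches a header."""
    return not any(ch in value for ch in ("\r", "\n", "\x00"))


def build_redirect_safe(location: str) -> str:
    """Same response, but the header value is validated first."""
    if not header_value_is_safe(location):
        raise ValueError("CR/LF in header value")
    return "HTTP/1.1 302 Found" + CRLF + "Location: " + location + CRLF + CRLF


def parse_response(raw: str):
    """Split a raw response into (headers dict, body) the way a client would."""
    head, _, body = raw.partition(CRLF + CRLF)
    headers = {}
    for line in head.split(CRLF)[1:]:      # skip the status line
        name, _, value = line.partition(":")
        headers[name.strip()] = value.strip()
    return headers, body


# Constructed payloads. The first injects a cookie; the second terminates the
# header block and supplies an attacker-controlled body (HTTP response splitting).
PAYLOAD_COOKIE = "/home" + CRLF + "Set-Cookie: session=attacker"
PAYLOAD_SPLIT = (
    "/home" + CRLF + "Content-Length: 25" + CRLF + CRLF + "<script>alert(1)</script>"
)


def demo() -> dict:
    """Exercise the vulnerable builder with both payloads and the check with each."""
    cookie_headers, _ = parse_response(build_redirect_vulnerable(PAYLOAD_COOKIE))
    _, split_body = parse_response(build_redirect_vulnerable(PAYLOAD_SPLIT))
    return {
        "injected_headers": cookie_headers,
        "split_body": split_body,
        "safe_rejects_cookie": not header_value_is_safe(PAYLOAD_COOKIE),
        "safe_rejects_split": not header_value_is_safe(PAYLOAD_SPLIT),
        "safe_accepts_plain": header_value_is_safe("/home"),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name:20} -> {value!r}")
```

The check must run on the decoded value, since a web framework will already have turned %0d%0a from the query string into real CR/LF by the time the handler sees it. Many current server libraries refuse CR/LF in header values on their own, but code that writes raw headers, or runs on an older framework, gets no such protection.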
  • Authentication Hacking Attacks
    Acunetix, February 2006 – This article describes the different kinds of authentication, the consequences of using weak credentials, and what an attacker can do once access is gained. It also describes how to prevent such authentication hacking attacks.
  • Directory Traversal Attacks
    Acunetix, January 2006 – This article explains in detail, with examples, what a directory traversal attack is: an attack in which a hacker manipulates a file path parameter (typically with ../ sequences) to read files outside the web root, such as configuration and password files, and in some configurations goes on to execute commands on the server. It also explains how to check your website for such attacks and how to avoid them.
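As an added example (not code from the Acunetix article), the following Python script shows how a file path parameter escapes the web root when it is joined without a containment check, and the check that keeps it inside. It works purely on path strings with posixpath, so it runs without touching the filesystem; the document root and the requests are constructed for the demonstration.

```python
import posixpath
from urllib.parse import unquote

# Assumed document root for the demonstration.
WEB_ROOT = "/var/www/html"


def resolve_vulnerable(root: str, requested: str) -> str:
    """Decode the parameter and join it to the root with no containment check.

    Both "../" sequences and an absolute path escape the web root.
    """
    return posixpath.normpath(posixpath.join(root, unquote(requested)))


def resolve_safe(root: str, requested: str):
    """Return the resolved path if it stays inside root, otherwise None."""
    root = posixpath.normpath(root)
    decoded = unquote(requested)
    if "\x00" in decoded:                 # NUL truncates paths in C-based runtimes
        return None
    candidate = posixpath.normpath(posixpath.join(root, decoded))
    # commonpath compares whole components, so "/var/www/html2" is not
    # mistaken for something under "/var/www/html" as a plain prefix check would.
    if posixpath.commonpath([root, candidate]) != root:
        return None
    return candidate


# Constructed requests of the kind a scanner (or an attacker) would send.
REQUESTS = [
    "index.html",
    "images/../index.html",               # harmless: stays inside the root
    "../../../etc/passwd",
    "%2e%2e/%2e%2e/%2e%2e/etc/passwd",    # URL-encoded dots
    "/etc/passwd",                        # absolute path, join() discards the root
    "index.html%00.jpg",                  # NUL byte to defeat an extension check
]


def demo() -> dict:
    """Map each request to (vulnerable result, safe result)."""
    return {
        req: (resolve_vulnerable(WEB_ROOT, req), resolve_safe(WEB_ROOT, req))
        for req in REQUESTS
    }


if __name__ == "__main__":
    for req, (unsafe, safe) in demo().items():
        print(f"{req:36} vulnerable={unsafe!r:36} safe={safe!r}")
```

The same logic applies on Windows with os.path instead of posixpath, with the extra step of treating backslashes as separators before normalising. Double-encoded input (%252e) survives a single decode as the literal name "%2e", which the containment check still keeps inside the root; the check should be applied after whatever decoding the server actually performs.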
  • Google Hacking Mini Guide
    Johnny.ihackstuff.com, May 2004 – “Described by some as the best personal productivity tool since the word processor, Google’s search engine has been embraced by the masses as an incredibly useful tool. However, hackers, identity thieves and even terrorists can also leverage Google as a personal productivity tool. The Google Hacking Mini Guide by Johnny Long outlines the more harmful applications of the Google search engine, techniques that have collectively been termed ‘Google hacking’. In his article he aims to educate web administrators and the security community in the hope of eventually stopping this form of information leakage.”