September 3, 2010 - While beta testing the latest version of Acunetix WVS v7, we found a large number of security vulnerabilities in various web applications. In the following days we Read more
August 8, 2010 - Netsparker is a web application security product from Mavituna Security. They recently released a community edition of their scanner, although it’s pretty stripped down, so I’m not sure how useful it would be for seasoned security professionals. They make Read more
August 4, 2010 - Making Web application security work is more than simply telling developers they need to write better code. We can scream “Write better code!” and “Integrate security into the application Read more
July 28, 2010 - Facebook rates as the second most popular website on the internet with 400 million active users. When such a website has common web application security flaws, they are going to Read more
July 14, 2010 - I was reviewing the most recent SANS @RISK Consensus Security Vulnerability Alert and it reminded me of how easy it is to get caught up in the big Read more
July 5, 2010 - On the 4th of July 2010 YouTube users began complaining that their videos had been hijacked, the comments section of their videos seemed to be most severely affected, many Read more
June 23, 2010 - Mozilla has issued an update for Firefox to address multiple vulnerabilities which can be exploited to disclose sensitive information, bypass certain security restrictions, or to compromise a user's system. A few of these vulnerabilities only affect Firefox 3.5 Read more
June 17, 2010 - Recently over 100,000 Apple customers were affected by an information disclosure attack on the AT&T website. Security experts blame this breach on “poorly designed software”. An analysis of the attack Read more
June 16, 2010 - Looking to hop aboard the Web vulnerability scanning bandwagon to see just how vulnerable your Web site or application really is? Well, not so fast. Here are some signs you’re not ready to begin just yet: Read more
June 9, 2010 - Why are Web applications out of the loop when it comes to contingency planning? Look at any given security incident response or disaster recovery plan (assuming they even exist) Read more
June 1, 2010 - In the following demo video, Sandro Gauci of EnableSecurity shows how an attacker can switch off dotDefender in order to bypass any “protection” offered by the WAF. Such attack Read more
May 25, 2010 - Unfortunately, it happens all too often that people launch a security scan against a website or web application sitting behind a web application firewall, or some other kind of web Read more
May 11, 2010 - If you’re reading this blog, Web security testing is undoubtedly on your radar. You may have an ongoing process for testing Web vulnerabilities but do you actually have a Read more
May 4, 2010 - The CRLF Injection Attack (sometimes also referred to as HTTP Response Splitting) is a fairly simple, yet extremely powerful web attack. Hackers are actively exploiting this web application vulnerability to perform a large variety of attacks that include XSS cross-site Read more
April 27, 2010 - Kudos to Jeff Williams, Dave Wichers, and the rest of the OWASP team for pulling together the final release of the OWASP Top 10 for 2010. Obviously, a lot of thought and work has gone into this new version. Read more
April 14, 2010 - On the 9th of April 2010, Apache.org infrastructure suffered a direct and targeted attack on the server hosting the Apache issue-tracking software, Atlassian JIRA. This is the second major compromise Read more
April 13, 2010 - In this video we look into the details of how an attacker is able to exploit a Cross Site Scripting vulnerability in Mambo CMS (version: 4.6.5), discovered by Bogdan Calin Read more
April 6, 2010 - Do you ever find yourself driving down the road in an unfamiliar place and you get that gut feeling that you’re headed in the wrong direction? Well, I feel that’s Read more
March 25, 2010 - An Adobe AIR-based SQL injection scanner, using blind SQL injection techniques to extract information from a target database. SQLFury supports MySQL, PostgreSQL, Oracle, and Microsoft SQL Server. For more details or to download, visit Read more
March 25, 2010 - The increase in cyber attacks on high profile online business websites implies that web security still needs to be addressed. Exploits of web server vulnerabilities typically have a more disastrous and Read more