- Probably my biggest pet peeve related to application security is the claim by many (typically management) that “We know we’re secure, we just had an audit”. (continue reading...)
- We are continuing with the list of security vulnerabilities found in a number of web applications while testing our latest version of Acunetix (continue reading...)
- If you’ve ever run a Web vulnerability scan you’ve likely experienced this situation. You fire up your scanner, tweak your settings, and click Start. The (continue reading...)
- We are continuing with the list of security vulnerabilities found in a number of web applications while testing our latest version of Acunetix (continue reading...)
- We are continuing with the list of security vulnerabilities found in a number of web applications while testing our latest version of (continue reading...)
- While beta testing the latest version of Acunetix WVS v7, we found a large number of security vulnerabilities in various web applications. (continue reading...)
- Netsparker is a web application security product from Mavituna Security. They recently released a community edition of their scanner, although it’s pretty stripped down so I’m not sure how useful it would be (continue reading...)
- Making Web application security work is more than simply telling developers they need to write better code. We can scream “Write better code!” and (continue reading...)
- Facebook rates as the second most popular website on the internet with 400 million active users. When such a website has common web application security (continue reading...)
- I was reviewing the most recent SANS @RISK Consensus Security Vulnerability Alert and it reminded me of how easy it is to get (continue reading...)
- On the 4th of July 2010 YouTube users began complaining that their videos had been hijacked, the comments section of their videos seemed to (continue reading...)
- Mozilla has issued an update for Firefox to address multiple vulnerabilities which can be exploited to disclose sensitive information, bypass certain security restrictions, or to compromise a user's system. A few of these (continue reading...)
- Recently over 100,000 Apple customers were affected by an information disclosure attack on the AT&T website. Security experts blame this breach on “poorly designed software”. (continue reading...)
- Looking to hop aboard the Web vulnerability scanning bandwagon to see just how vulnerable your Web site or application really is? Well, not so fast. Here are some signs you’re not ready to (continue reading...)
- Why are Web applications out of the loop when it comes to contingency planning? Look at any given security incident response or disaster recovery (continue reading...)
- In the following demo video, Sandro Gauci of EnableSecurity shows how an attacker can switch off dotDefender in order to bypass any “protection” offered (continue reading...)
- Unfortunately, it is of frequent occurrence that people launch a security scan against a website or web application sitting behind a web application firewall, or (continue reading...)
- If you’re reading this blog, Web security testing is undoubtedly on your radar. You may have an ongoing process for testing Web vulnerabilities but (continue reading...)
- The CRLF Injection Attack (sometimes also referred to as HTTP Response Splitting) is a fairly simple, yet extremely powerful web attack. Hackers are actively exploiting this web application vulnerability to perform a large variety of (continue reading...)
- Kudos to Jeff Williams, Dave Wichers, and the rest of the OWASP team for pulling together the final release of the OWASP Top 10 for 2010. Obviously, a lot of thought and work has gone (continue reading...)