Criminal hackers are getting more and more creative in their phishing and social engineering attacks on the web. This not only puts your website in the crosshairs but also your own personal information. A common question that comes up is: How do I stay in…
What’s the Best Way to Find Web Security Flaws?
With all of the potential ways the bad guys can exploit websites (literally thousands), many people want to know what the best way is to actually uncover these flaws. Well, there’s no magic bullet answer, however, generally speaking Web flaws can be discovered in one…
Scanning a Shopping Cart with an Automated Security Scanner
Many of today’s large scale websites are template based. This means that most of the website pages which users visit are usually built from the same template file. Thus it is normal for a template based websites to be made up of about 20 or…
New Features and Security Checks Added to Acunetix Web Vulnerability Scanner 8
The new build of Acunetix Web Vulnerability Scanner released today includes a number of new features, new security checks and also a number of bug fixes. Ideal for scanning and securing today’s complex custom web applications, the main new feature allows importing of multiple HTTP…
Should you Test Development, Staging or Production?
You’ve heard me say that planning is half the battle with Web security assessments. I’m finding that more and more people are on board with thinking things through in advance but there’s still one area that’s not getting the attention it deserves. It’s deciding on…
Why Web Security is Not Just IT’s Problem
What’s your take on Web security? Do you see it as one of those techie things that other people should be handling? Or do you see it as your responsibility to ensure everything associated with your Web presence is in check? Well, according to a…
Over 1 Million Accounts Leaked in a Massive Hack Attack
A recent online attack from a hacker group called Team GhostShell has targeted more than 100 websites from banks, stock exchange, police departments, and consulting firms, to law firms, and several companies from many other different sectors. Some of the hacked organizations and companies include…
The Lost Art of Disabling Our Web Security Testing Accounts
Do you ever get the feeling that something’s not quite right after you’ve performed an otherwise solid web security assessment? Well, as many of us have discovered, that nagging feeling in the pit of your stomach could be something as simple as not disabling the…
Web Security Tip of the Week: Why Do Hacker Attacks Happen?
Criminal hackers have it made. They know that many people don’t get – or completely ignore – online security. This attitude from many is at the core of why we experience website security issues. But, as problematic as the human factor can be, the real…