It’s a sad statement to make that anyone can become a hacker; with a few dollars and the right contacts, anyone can “order” an infected website. A simple email will give anyone the means to access credit card numbers, addresses, and all of your personal…
Consider outside of the box for security – It can be exposing
In the past few days, a site selling Durex condoms has had a small ‘exposure’ problem. As reported, the site had been suffering (time length unknown) from several basic security exposures, including even allowing orders to be viewed online, without a login – simply by…
Third Annual Meetings of Heads of Information Systems Security RSSI’2010
Acunetix reseller Hat Web Security Labs will be exhibiting Acunetix WVS at the Third Annual Meetings of Heads of Information Systems Security RSSI’2010. The event will take place between 3rd and 4th of June 2010 at the Cyber Parc Elgazala, Tunis. Click here for more…
Acunetix WVS helps Digicure discover web vulnerabilities
A proper web security audit is a mixture of automated and manual tests; Acunetix WVS provides a comprehensive tool for automated testing purposes and a useful toolbox Digicure can use for manual penetration testing as well. “The most impressive thing about Acunetix Web Vulnerability Scanner must…
SQL Injection hits again; 168,000 personal records exposed
A hacker, who calls himself “ins3cted”, has demonstrated to Webwereld via video how by exploiting a simple SQL injection, he can retrieve 168,000 personal records from a Dutch website called Experience the OV (http://www.ervaarhetov.nl). Citizens living in the provinces of Gelderland, Overijssel and Flevoland are…
Security usability and accessibility
Recently, security and accessibility issues have become an important topic to me. Although I had always considered accessibility and more specifically usability important in my designs, since I’m now down to one active hand due to a surgery on the other hand, I am now…
Creating a Web security testing policy
If you’re reading this blog, Web security testing is undoubtedly on your radar. You may have an ongoing process for testing Web vulnerabilities, but do you actually have a policy for it? I’m all about keeping things simple with security and, when you think about…
The new OWASP Top 10 for 2010 – Risk and Realities
Kudos to Jeff Williams, Dave Wichers, and the rest of the OWASP team for pulling together the final release of the OWASP Top 10 for 2010. Obviously, a lot of thought and work has gone into this new version. One thing that really jumps out…
Gray Powell and the lost iPhone, and malware
In case you didn’t hear about it already, the story of the day is Gray Powell and the lost iPhone. So I searched for him on Google. I was really surprised to see that 4 out of 10 results from Google’s first page were links…