Three men, responsible for the largest data security breach in U.S. history, stole 130 million credit and debit card numbers from five leading companies. They took advantage of a coding error and allegedly used a SQL injection attack to compromise a web application, which was…
Security risks associated with utf8_decode and XSS filters
At BlackHat USA 2009, Eduardo Vela Nava (sirdarckcat) and David Lindsay presented a paper entitled “Our Favorite XSS Filters and How to Attack Them”. It is a very interesting paper and you should definitely take a look at it. In this paper, besides other things, they presented a very interesting…
New Acunetix WVS V6.5 build; better support for CAPTCHA and modern authentication mechanisms
With the release of the latest Acunetix WVS Version 6.5 build, 20090728 (https://www.acunetix.com/support/build-history.htm), we announce that Acunetix WVS has better support for web applications with CAPTCHA, single sign-on and two-factor authentication mechanisms. Thanks to the new ‘Manual Intervention’ module, IT security professionals can now save…
2 of SANS’s top 25 most dangerous programming errors led to more than 1.5 million website security breaches in 2008
Earlier this year, a report from the SANS Institute showed that two of the twenty-five most dangerous programming errors led to more than 1.5 million website security breaches in 2008. The report is a joint effort from more than 30 US and international cyber…
Web Application Firewalls do not replace secure development and operation of web applications
In the eval($WAF) whitepaper, L. Nothdurfter, W. Neudorfer and M. Kirchner from the University of Applied Sciences Upper Austria explain in detail how they evaluated the capabilities of some leading WAFs (web application firewalls), and concluded that although a WAF can raise the security level, secure development…
Every website is a target; hacktivism
As stated in previous blog posts, hackers don’t just hack websites to steal online databases and credit card details. Hacktivism, where innocent websites are defaced by malicious users to transmit their political views or opinions, is on the increase. In many major world political events,…
U.S. Dept. of Defense publishes attack details of two successful U.S. Army web server breaches
The Department of Defense and other investigators are investigating two U.S. Army web server breaches which were never publicly disclosed. On 19th September 2007 and 26th January 2008, a Turkish hacker group known as “m0sted” successfully probed two U.S. Army web servers by running a SQL…
New Acunetix WVS Version 6.5 sets new standards in web vulnerability scanning
We are proud to announce the launch of Acunetix Web Vulnerability Scanner Version 6.5. With this new version, we introduced the new ‘file upload forms vulnerability checks’. Acunetix is the industry’s first and only Web Vulnerability Scanner to scan web applications for this type of…
New Acunetix WVS 6.5 sets new standards in web vulnerability scanning
Unique Acunetix WVS vulnerability checks save businesses time, money and embarrassment. London, 20th May 2009 – Acunetix (www.acunetix.com), a pioneer in web application security scanning technology, has announced new ‘file upload forms vulnerability checks’ in version 6.5, an industry first and only Web Vulnerability Scanner…