Recently a client of mine sent over the results of a web vulnerability scan that one of their customers had run against their production web environment. My client was curious why the results of this third-party scan were different from my findings just a few…
What Exactly Does Web Site Security Mean?
We hear a lot about Web Site Security but what exactly does that mean to you? Whether it’s for personal or business use, ensuring your web presence is represented by a safe website can have a deep impact on your online success. In fact, creating and…
Common Website Security Flaws and What They Mean
Having a successful online presence is hard enough. Throwing some website security-related terms into the mix makes it all the more difficult, especially if you’re not a technical person or computer security guru. Although some folks in IT intentionally make web vulnerabilities difficult to understand…
Acunetix to Be Exhibited at Globaltek 2011
Acunetix WVS will be exhibited at the 2011 Globaltek Security Conference — held on the 26th of October 2011 at the Hotel Dann Carlton in Bogotá, Colombia. Entry to the conference is free of charge, and the topics covered are guaranteed to be of interest to both…
PHP Security Directive: Your Website is Showing PHP Errors
With the display_error PHP configuration directive enabled, untrusted sources can see detailed web application environment error messages which include sensitive information that can be used to craft further attacks. Attackers will do anything to collect information in order to design their attack in a more sophisticated way…
VIDEO: How Cross-Site Scripting (XSS) Works
XSS vulnerabilities (Cross-Site Scripting vulnerabilities) are often overshadowed by their big cousin, the infamous SQL Injection. This does not make them any less effective or deadly. XSS and SQL Injection attacks are similar in the way they inject malicious code. The difference is that an…
Your WordPress Database Table Prefix Is Not Secure
Prefixes are given to table names so they cannot be easily guessed by a hacker or malicious user. When guessed, the default database table prefix can make life easy for a hacker and enable attacks (like SQL Injection) to be easier to execute successfully. By…
Improving Web Security by Working With What You’ve Got
As I wrote about in a previous post, we’re in the era of cutting back – if not completely eliminating – all non-essential expenditures. The thing is what may seem to be non-essential to management may actually be essential to the business. There could just be…
Acunetix Web Vulnerability Scanner Version 7 build 20111005
An updated build of Acunetix Web Vulnerability Scanner Version 7 was released. This new build, numbered 20111005, includes two new features (support for a wider variety of web applications), a good number of improvements to the PHP AcuSensor technology, and also a minor bug fix….