Nowadays, website malware, online scams and other sorts of web security hazards have become a common nuisance. How can anyone be safe with dangerous websites popping up constantly? Well, you can easily spot if you are on a hacked website or not by following some…
Properly Scoping your Web Security Assessments
I’ve heard experts in time management say that one minute of planning can save you five minutes in execution. This applies to so many things we do in IT and information security but I can’t think of anything more important than security testing. Applying the…
WordPress Database Security: Why Change the Database Tables Prefix
The majority of reported WordPress database security attacks were performed by exploiting SQL injection vulnerabilities. By renaming the WordPress database table prefixes you are increasing the security of your WordPress blog and website against zero-day SQL injection attacks. WordPress Database Security: The Prefix Guessing…
Malicious Hackers Slurp over a million user accounts from Washington Post
The Washington Post website has been hit with a double security breach. Malicious hackers have made off with around 1.3 million user IDs and email addresses from the “Jobs” section of the site. The attackers were able to gain access on two separate occasions:…
Acunetix Web Vulnerability Scanner Version 7 Build 20110711 Released
An updated build of Acunetix Web Vulnerability Scanner Version 7 was released. This new build (20110711) features improved Cross-Site Scripting (XSS) web security checks, an improved crawler, better Web 2.0 support and a number of bug fixes. New feature: Included IMAGE tag with source…
How can I change the WordPress database table name prefix?
Do not make the change below unless you are comfortable with phpMyAdmin and making changes to MySQL. If not, ask someone who is familiar with WordPress and MySQL to assist you. Also, back up your blog; it is of utmost importance that before doing any changes…
How Much Web Security is Enough?
A good web application security environment is one that balances security with convenience. Nothing more and nothing less; just the security that’s needed to keep things reasonably in check. But just how much is enough? All too often I see websites and applications with too…
Recently Backdoored WordPress Plugins
In the previous article, The Rise of the Backdoored WordPress Plugins, I discussed the ever-growing threat to WordPress security in the form of compromised plugins. As promised, here are the changes made by attackers to the popular plugins, WPtouch, W3 Total Cache and AddThis. WPtouch…
90% of US Companies Hacked!
Alarming results have been announced following a recent survey conducted by the Ponemon Research Institute and Juniper Networks. In their survey, 583 American companies were interviewed on security-related questions. The result seems to correlate with what we have been seeing in the media during…