Recently a new high-risk vulnerability was discovered in the highly popular TimThumb script. TimThumb is “a small php script for cropping, zooming and resizing web images (jpg, png, gif). Perfect for use on blogs and other applications.” TimThumb is included in a lot…
htaccess Files and WordPress Security
Adding server-side protection around the WordPress wp-admin folder is like adding a second layer of protection to your WordPress admin area, login page and files. Server-side protection can be added by placing a .htaccess file (a directory-level configuration file) in your WordPress wp-admin subdirectory…
Are You Visiting a Safe Website?
Nowadays, website malware, online scams and other sorts of web security hazards have become a common nuisance. How can anyone be safe with dangerous websites popping up constantly? Well, you can easily spot if you are on a hacked website or not by following some…
Properly Scoping your Web Security Assessments
I’ve heard experts in time management say that one minute of planning can save you five minutes in execution. This applies to so many things we do in IT and information security, but I can’t think of anything more important than security testing. Applying the…
WordPress Database Security: Why Change the Database Tables Prefix
The majority of reported WordPress database security attacks were performed by exploiting SQL injection vulnerabilities. By renaming the WordPress database table prefix you increase the protection of your WordPress blog and website against zero-day SQL injection attacks. WordPress Database Security: The Prefix Guessing…
Malicious Hackers Slurp over a million user accounts from Washington Post
The Washington Post website has been hit with a double security breach. Malicious hackers have made off with around 1.3 million user IDs and email addresses from the “Jobs” section of the site. The attackers were able to gain access on two separate occasions:…
Acunetix Web Vulnerability Scanner Version 7 Build 20110711 Released
An updated build of Acunetix Web Vulnerability Scanner Version 7 was released. This new build (20110711) features improved Cross-Site Scripting (XSS) web security checks, an improved crawler, better Web 2.0 support and a number of bug fixes. New feature: Included IMAGE tag with source…
How can I change the WordPress database table name prefix?
Do not make the change below unless you are comfortable with phpMyAdmin and making changes to MySQL. If not, ask someone who is familiar with WordPress and MySQL to assist you. Also, back up your blog; it is of utmost importance that before doing any changes…
How Much Web Security is Enough?
A good web application security environment is one that balances security with convenience. Nothing more and nothing less; just the security that’s needed to keep things reasonably in check. But just how much is enough? All too often I see websites and applications with too…