Attending a recent meeting I heard one of the speakers say “You can’t change what you tolerate.” Apparently it’s a quote from Cesar Millan (the dog whisperer) but it really struck a chord in me regarding web application security and overall information risk management. How…
Acunetix Web Vulnerability Scanner Version 7 build 20110308 released
An updated build of Acunetix Web Vulnerability Scanner Version 7 was released. This new build features a number of new security checks, automatic crawling and scanning of SVN repositories, improved Cross-site scripting checks and a number of bug fixes. New feature: Acunetix WVS will parse…
Acunetix voted Windowsecurity.com Readers’ Choice Award Winner for the Fourth Time
For the fourth time in a row, Acunetix Web Vulnerability Scanner Chosen as the Windowsecurity.Com Readers’ Choice Award Winner. The leading Windows Security resource site, WindowSecurity.com, announced today that Acunetix Web Vulnerability Scanner was selected the winner in the Web Application Security category of the…
How to Avoid the Google Blacklist
In the ‘old days’ – around 4 to 6 years ago, when the Google Blacklist was less of a news item – hackers were primarily interested in stealing customer data from websites. They would cause absolute havoc after breaking in, stealing anything from customer credit card…
Testing for weak passwords: a common oversight without a great solution
Typically when we think of Web security testing vulnerabilities such as SQL injection, cross-site scripting and so on come to mind. Rightly so, the flaws resulting from poor input validation alone are still a large part of the problem. But there’s another Web security vulnerability…
Acunetix WVS Version 7 build 20110209 released
An updated build of Acunetix WVS Version 7 was released. With this new build, you can generate PCI 2.0 compliance reports and CWE/SANS top 25 reports. The Input Fields feature was also enhanced, and now it supports wildcards and prioritization of input fields. New features:…
General Facts and Figures on Web Hacking
Facts about Web Hacking Verizon Business conducted a 2009 study of 90 Web data breaches. The results of this study were presented in The Data Breach Investigative Report (DBIR) and included the following facts and figures: 285 million data records were exposed in the 90…
I wouldn’t want to be a developer these days
Are you a software developer? If so, I don’t envy you. Of all the possible positions working in and around IT, you’ve arguably got the toughest one. I’ve witnessed it over the years while performing my own security assessments as well as hearing about it…
Cross-site Scripting
One of the most common forms of Web application vulnerability is Cross-site Scripting. This security vulnerability allows attackers to implant malicious scripts into websites. The scripts will execute in the browsers of visitors to the site, within the hosting website security zone. This provides the…