An updated build of Acunetix WVS Version 7 was released, featuring further improvements to the DOM XSS checks and a number of bug fixes. New features: DOM XSS will now report the filename in which the attack was executed; DOM XSS checks on document.open, window.open, window.navigate…
Google Changes Malware Warnings
As expected, Google has changed its process for handling websites on which it detects malware or ‘malicious’ content. As reported today on CNET (‘Google search results warn of compromised sites’), Google is now adding new links to the search results: ‘Starting today, Google search users should start…
Which scan policy should you use to find everything that matters?
If only Web application security were black and white. We could simply load our scanner without thinking anything through, enter the URL, click Scan, generate a report of issues for someone else to address and be done with it. Sadly I think some people do…
Google XSS Flaw in Website Optimizer Scripts explained
This week thousands of system administrators who make use of Google products will open their inbox to see an email from Google explaining that its Web Optimizer product contains an XSS flaw that allows attackers to inject scripts into their Google Optimized web pages.
Acunetix WVS v7 build 20101206 automatically checks for DOM XSS
The new build of Acunetix Web Vulnerability Scanner Version 7 checks for DOM based XSS vulnerabilities. Unlike traditional cross-site scripting, document object model based cross-site scripting (DOM XSS) is a type of vulnerability that affects the script code running in the client’s browser. …
Statistics from a phisher’s list
Last night I was following some security related forums and someone posted a phishing kit for a popular bank from Romania. A phishing kit is a collection of scripts to help a script kiddie launch a phishing exploit and steal data such as credit…
Acunetix WVS Version 7 build 20101123 released
An updated build of Acunetix WVS Version 7 was released. Improvement: More updates to the Client Script Analyser (CSA) engine for better Web 2.0 support. Bug fixes: Added port in host header for https in manual browsing; Fixed crawler not serving pages to Client…
HTTP Post Denial Of Service: more dangerous than initially thought
Wong Onn Chee and Tom Brennan from OWASP recently published a paper* presenting a new denial of service attack against web servers. What’s special about this denial of service attack is that it’s very hard to fix because it relies on a generic problem in…
Notable changes in PCI DSS 2.0 affecting Web application security
“Clarification, additional guidance, and evolving requirements” – welcome to the new PCI standards! Hot off the press are the new PCI DSS and PA-DSS requirements which take effect January 1, 2011. So, if you work in or around Web application security, it’ll behoove you to…