As the attacks on infrastructure become more complicated, the true nature of deep penetration attacks prove food for thought for all developers and operators. Consider this case – where the Apache open source infrastructure itself became significantly exposed by a simple XSS attack that utilized…
The road to glory, from XSS to Root on apache.org
On the 9th of April 2010, Apache.org infrastructure suffered a direct and targeted attack on the server hosting the Apache issue-tracking software, Atlassian JIRA. This is the second major compromise the Apache Software Foundation suffered in less than a year, when last August, the main…
VIDEO: Exploiting a Cross Site Scripting vulnerability in Mambo CMS
In this video we look into the details of how an attacker is able to exploit a Cross Site Scripting vulnerability in Mambo CMS (version: 4.6.5), discovered by Bogdan Calin with Acunetix Web Vulnerability Scanner. This vulnerability is affecting a POST parameter in the Mambo…
Acunetix WVS Version 6.5 build 20100407 released
An updated build of Acunetix WVS Version 6.5 has been released. This build includes a number of bug fixes Bug Fixes: Fixed: Login Sequence Recorder was not using client certificates when recording a login sequence Fixed: Login Sequence Recorder was not using the configured User…
Fighting Web flaws is futile
Do you ever find yourself driving down the road in an unfamiliar place and you get that gut feeling that you’re headed in the wrong direction? Well, I feel that’s exactly where we are with application security – heading in the wrong direction. First off,…
Malware Survey Data – Customer Perspective
One big thing that is missing from this industry is empirical trend data that supports the TRUE risks and costs associated with hacking and malware infections. To date, we’ve written quite alot about customer-specific impacts when they are infected… The ‘results’ run the gambit of…
The top Web vulnerability we face
I recently took some time off which gave me the opportunity to clear my head and think about some of the big issues we’re facing with Internet security. I thought if I had to pick one thing, what would be the greatest Web vulnerability out…
Statistics from the top 1,000,000 websites – part II
This is the second part of an older article we posted, where we present some statistics from the top 1,000,000 sites on the internet. We are using the Alexa database as source for our statistics. In the first part of this article, we presented the…
Acunetix WVS Version 6.5 build 20100303 released
An updated build of Acunetix WVS Version 6.5 has been released. This build includes a new feature and new security checks, improvements and addresses a number of bug fixes. New Feature: Added new option to export results to HTTP Fuzzer New Security Checks: Test for…