Understanding Directory Traversal One of the critical functions of a secure Web server is controlling access to restricted directories. HTTP exploit attacks circumvent Web server security and use malicious software to access the content of restricted directories. Directory Traversal is one such HTTP vulnerability. The…
Author Archives Acunetix
THE AUTHOR
Acunetix
OWASP Top Ten Most Critical Web Application Attacks
The Web application community is served by an organization called OWASP (the Open Web Application Security Project). OWASP is a non-profit global organization that focuses on providing information to help improve Web application security. OWASP has developed an awareness document called the OWASP Top Ten….
Acunetix WVS Version 7 build 20110124 released
An updated build of Acunetix WVS Version 7 has been released. In this build we introduced a new Cross-site scripting security check and also address a number of bug fixes. New security check: New type of XSS test introduced (parameter was set to javascript:…) Bug…
AJAX Application Attacks
Understanding Ajax and JavaScript Ajax is a popular technology for Web 2.0 applications. Ajax (which is shorthand for asynchronous JavaScript and XML) is not one component, but is a group of related development techniques for Web applications. At the heart of Ajax’s functionality is the…
How to choose a web vulnerability scanner
A must read interview for anyone who is interested in evaluating web vulnerability scanners. In this interview we discuss the process of choosing a web vulnerability scanner and underline several factors that should be taken into consideration in the decision-making process. Which is the best…
Understanding SQL Injection
SQL injection attacks are also often referred to as SQL malware. Like local and remote file inclusion attacks, an SQL injection attack inserts a malicious script into a website’s code. In this case, a web page that is using a tool like MySQL to query…
A practical guide to dealing with Google’s Malware Warning
Have you ever been cruising the web, minding your own business, when your browser suddenly freezes your search and your pages start lighting up like you have tripped some terror alert color scheme gone mad? What if it’s your very own web site that is…
Acunetix WVS Version 7 build 20101216 released
An updated build of Acunetix WVS Version 7 was released, featuring further DOM XSS checks improvements and addresses a number of bug fixes. New features: DOM XSS will now report the filename in which the attack was executed DOM XSS checks on document.open, window.open, window.navigate…
Google Changes Malware Warnings
As expected, Google has changed their process when they detect malware or ‘malicious’ content on websites. As reported today on CNET: ‘Google search results warn of compromised sites’ Google is now adding new links into the search results: ‘Starting today, Google search users should start…