Be Selective When Choosing Plugins and Themes: WordPress allows you to extend and customize your site with thousands of plugins and themes. While extending your site’s capabilities and customization is important, it should not come at the price of your website’s security. Even if your…
Author Archives: Ian Muscat
WordPress Security Tips, Part 1 – Basic Security Measures
With WordPress running on 1 in 5 sites on the Internet, it is no surprise that WordPress sites are a very popular target for both experienced hackers and script-kiddies alike. The following are a few measures that can be taken to address some basic security holes…
New WordPress XSS Vulnerability gives attackers full control of your website
A dangerous XSS vulnerability has just been identified in WordPress versions prior to 4.0. Using comments, attackers may even be able to gain full administrative control of a vulnerable application. Therefore WordPress have released an urgent update, addressing this bug and 7 others. Users should…
How to Close Unused Open Ports: TCP and UDP Port Scan
One of the checks done in a network scan by Acunetix Vulnerability Scanner is a TCP and UDP port scan. Any open ports detected during the scan will be reported as shown in the screenshot. In this particular scan, these ports have been detected as…
Heartbleed – A Bigger Threat Than Meets the Eye
The Heartbleed Bug took the world by storm the moment the vulnerability became public. The Heartbleed Bug is a serious vulnerability in the widely used OpenSSL cryptographic library. This weakness allows theft of data resident in the server’s memory, which generally comprises SSL/TLS encrypted…
The Chronicles of DOM-based XSS
A brief overview of DOM-based XSS: DOM-based XSS is a form of cross-site scripting attack in which an attacker executes an attack vector through the modification of the browser’s Document Object Model (DOM) environment. Unlike stored (persistent) or reflected XSS variants, DOM-based XSS does not involve…
Finding the Source of a DOM-based XSS Vulnerability with Acunetix
DOM-based XSS involves the execution of a payload as a result of modifying the DOM inside the browser used by a client-side script. Since the payload resides in the DOM, the payload may not necessarily be sent to the web server. This post covers…