In part 3 of this series, we looked at ways in which a hacker can keep web shells under the radar. In part 4 of this series, we’ll be looking at web shells in action by using Weevely as an example. Weevely is a lightweight…
Web Shell Detection and Prevention (Web Shells Part 5)
In part 4 of this series, we looked at web shells in action by using Weevely as an example. In the final part of this series, we’ll be looking at web shell detection and how to prevent their use. Detection If an administrator suspects that a…
What is Remote File Inclusion (RFI)?
Using remote file inclusion (RFI), an attacker can cause the web application to include a remote file. This is possible for web applications that dynamically include external files or scripts. Potential web security consequences of a successful RFI attack range from sensitive information disclosure and…
Apache Security – 10 Tips for a Secure Installation
The Apache web server is one of the most popular web servers available for both Windows and Linux/UNIX. At the moment, it is used to host approximately 40% of websites. It is also often described as one of the most secure web servers. In this article,…
How to Recover from a Hacked Website Event
Any fellow website owner or webmaster you may ask who is beyond the novice stage will agree that one of their top priorities will always be keeping their websites secure. However, exploits and tools available to hackers are so vast, and software technologies evolve so…
The curse of old Java libraries
Java is known for its backward-compatibility. You can still execute code that was written many years ago, as long as you use an appropriate version of Java. Thanks to this feature, modern projects use a wide range of libraries that have been “tested by time”…
How We Found Another XSS in Google with Acunetix
You have to be a very lazy hacker not to try to find issues in Google. Link and I are not lazy but we may be a bit luckier than most. And we use good tools, which helps. Some time ago, we found an XSS…
Why Malicious Hackers Set Their Sights On Hospitals
If you scan the news headlines, you might be forgiven for thinking that the biggest target of online attackers is financial institutions. Cyber attacks aimed at banks typically gain a lot of press coverage, because everybody likes to think that their money is safe. In…
Session Hijacking and Other Session Attacks
Session IDs are a tasty treat for malicious hackers. Once an attacker gets their hands on a session ID, they can get unauthorized access to a web application and fully impersonate a valid user. In general, there are three primary methods to obtain a valid…