Three men, responsible for the largest data security breach in U.S. history, stole 130 million credit and debit card numbers from five leading companies. They took advantage of a coding error, and allegedly used a SQL injection attack to compromise a web application, which was…
2 of SANS’s top 25 most dangerous programming errors led to more than 1.5 million website security breaches in 2008
Earlier on this year, a report from SANS institute showed that two of the twenty five most dangerous programming errors, led to more than 1.5 million website security breaches in 2008. The report is a joint effort from more than 30 US and international cyber…
Every website is a target; hacktivism
As stated in previous blog posts, hackers don’t just hack websites to steal online databases and credit card details. Hacktivism, where innocent websites are defaced from malicious users to transmit their political view or opinion, is on the increase. In many major world political events,…
U.S. Dept. of Defence publishes attack details of two successful U.S. Army web servers’ breaches
Department of Defence and other investigators, are investigating two U.S. Army web server breaches which were never publicly disclosed. On 19th September 2007, and 26th January 2008, a Turkish hacker group known as “m0sted” successfully probed 2 U.S. Army web servers, by running a SQL…
New Acunetix WVS 6.5 sets new standards in web vulnerability scanning
Unique Acunetix WVS vulnerability checks save businesses time, money and embarrassment London 20th May 2009 – Acunetix (www.acunetix.com), a pioneer in web application security scanning technology, has announced new ‘file upload forms vulnerability checks’ in version 6.5, an industry first and only Web Vulnerability Scanner…
Implementing a web application firewall is not enough to secure web applications
As demonstrated during an OWASP Europe 2009 presentation, WAFs (web application firewalls) also have vulnerabilities. Sandro Gauci (founder and CSO for EnableSecurity) and Wendel Henrique (member of SpiderLabs) showed how an attacker can easily identify and bypass several well known web application firewalls using XSS…
OpenX 2.6.4 vulnerabilities were identified with Acusensor
If you are making use of OpenX, the following update fixes a number of security flaws that were identified when we made use of Acunetix WVS with the Acusensor technology enabled. Released an advisory detailing these vulnerabilities here. The SQL injection vulnerabilities abuse an INSERT…
Drupal Local File Inclusion Vulnerability
I was testing our scanner (with AcuSensor enabled) on Drupal (http://www.drupal.org) and the scanner found a possible File Inclusion vulnerability. As you can see from the screenshot above, the GET variable q was set to start/../../xxx….end and it got partially sanitized. It reached the include…
Acunetix Web Vulnerability Scanner Voted Windowsecurity.Com Readers’ Choice Award Winner for the second time
Acunetix WVS Singled Out by Network Security Administrators and Specialists London, UK – 26 February 2009 – Leading Windows Security resource site, WindowSecurity.com, announced today that Acunetix Web Vulnerability Scanner was selected the winner in the Web Application Security category of the WindowSecurity.com Readers’ Choice Awards….