Netflix has released an open source tool that their engineering team have developed in-house that can find second-order XSS vulnerabilities in web applications. The tool is called Sleepy Puppy, and while it’s a good initiative from Netflix, the auto-detection of ‘Delayed XSS’ is nothing new….
Password hashing and the Ashley Madison hack
The mainstream media is in a frenzy about the Ashley Madison hack, and with good reason. Aside from the shady social and moral motives that most people are criticising Avid Life Media (the site’s owners) about, the breach is a notable one in terms of…
Acunetix GM interviewed on Rust Report
Acunetix General Manager, Chris Martin was interviewed by Len Rust for the popular Australasian ICT news platform – Rust Report during Cebit in Sydney Australia 2015. In his interview, Mr. Martin gives a brief overview of the company, describes what sets Acunetix apart from its competitors,…
In the headlines: Ashley Madison hack, Amazon quits Flash, Stolen IRS tax records and more
Adultery site data hits the web with serious consequences The Ashley Madison hack continues to grab headlines, with a reported 39GB of data having now been dumped online. What also emerged from the leaked data is that around 90% of users were in fact male….
WordPress 4.3 “Billie” improves password resets
The WordPress team have just announced that the 4.3 release of the massively popular blogging and content management software has been released to the public. While there are some interesting new usability features, the WordPress team have also released a new security feature that deals…
In the headlines: Oracle CSO fracas, Wassenaar re-evaluated, car hacking lawsuits and more
Oracle publish then delete blog whining about bug finders We’re well in the age of the ‘bug bounty’, where companies have cottoned on to the fact that it’s safer to pay those who discover security flaws in their products, than risk them being published and…
In the headlines: Chinese VPN Services, MasterCard survey, Firefox Exploit and more
Chinese Internet Policing Becomes Literal China is well known for having some of the strictest internet restrictions in the world and the level of control from the government is now set to increase further, with police being posted at the larger internet companies. The government…
Business Logic Security Testing with Acunetix v10
Business logic in web applications refers to the encoding of real-world business rules that determine how data should be created, displayed, stored, and changed in a workflow-style process. Applications implementing business logic are not easy to test automatically because they are meant to be used…
In the headlines: Android vulnerabilities, MongoDB database and more
Major Android vulnerability leaves billions of devices open to attack This week saw some serious Android vulnerabilities hit the headlines; according to various reports these affect 95% of Android devices, allowing them to be hacked simply be receiving an MMS message. The six vulnerabilities are…