Business logic in web applications refers to the encoding of real-world business rules that determine how data should be created, displayed, stored, and changed in a workflow-style process. Applications implementing business logic are not easy to test automatically because they are meant to be used…
In the headlines: Android vulnerabilities, MongoDB database and more
Major Android vulnerability leaves billions of devices open to attack This week saw some serious Android vulnerabilities hit the headlines; according to various reports these affect 95% of Android devices, allowing them to be hacked simply by receiving an MMS message. The six vulnerabilities are…
Scanning for malicious links and phishing links
Any webmaster who has administered a blog with comments enabled or a forum knows all too well what a nightmare spam comments and posts can be. While spam remains a problem, there are a lot of options (most notably Akismet for WordPress) for how you can…
In the headlines: Ashleymadison.com, CVS pharmacy, Jeep hack and more
Google calls Wassenaar rules unfeasible The Wassenaar rules’ potential transposition into US law came to light a few weeks ago and just as the open comments on the proposal come to an end, Google have officially spoken out against the proposal. “We believe that these…
Black Hat Infosecurity Report reviewed
Black Hat USA is one of the biggest security events on the global calendar; now in its 18th year the six day event is well attended by the security staff of some of the biggest companies, with many having more than 5000 employees. Therefore, this…
In the headlines: Adobe Flash zero day and Java zero day vulnerabilities, and more
Hacking Team data leak result of Adobe Flash Zero day vulnerability If you’ve seen any security news this last week then it will have been impossible to miss the fact that Italian security company Hacking Team suffered a breach. The implications of this are huge,…
Is the new OpenSSL vulnerability Heartbleed all over again?
Last Monday, OpenSSL core team member Mark J Cox delivered some grim, but somewhat expected, news on OpenSSL’s mailing list — a new version of OpenSSL is due to be released this Thursday 9th July, fixing a single security defect classified as “high” severity. OpenSSL is…
Acunetix Web Application Vulnerability Report 2015
A year after the release of the online version of our vulnerability scanner in March 2014, Acunetix have aggregated the findings of over 15,000 scans performed on 1.9 million files over the past 12 months with some interesting results. The report details the most common vulnerabilities…
Blind Out-of-band Remote Code Execution vulnerability testing added to AcuMonitor
Similar to Blind Out-of-band SQL Injection vulnerabilities, AcuMonitor can now detect Blind Out-of-band Remote Code Execution (RCE) vulnerabilities. Let’s consider a vulnerable PHP application that contains the following code: $cmd = isset($_GET['1']) ? $_GET['1'] : ''; if ($cmd) { exec('ping -c 1 ' . $cmd);…