One of our customers recently reported that some parts of his site were not properly crawled by our scanner (Acunetix Web Vulnerability Scanner). Upon investigation, I found the cause of the problem. When a specific page was visited, a cookie with a random name and a large value…
Network vulnerability assessment gotchas to avoid
There’s a saying that experience is something you don’t get until just after you need it. It’s so true, especially in the context of information security and, specifically, network security testing. If you have any experience running vulnerability scans, you’ve no doubt been down that…
How to Close Unused Open Ports: TCP and UDP Port Scan
One of the checks done in a network scan by Acunetix Vulnerability Scanner is a TCP and UDP port scan. Any open ports detected during the scan will be reported as shown in the screenshot. In this particular scan, these ports have been detected as…
The Importance of Scanning Your Internet-Facing Assets
If your network is in any way connected to the Internet, the security of your network is being put to the test. Your Internet-facing servers are being probed by hackers looking for ways to damage your resources or steal them. It is important that no…
Heartbleed – A Bigger Threat Than Meets the Eye
The Heartbleed Bug took the world by storm the moment the vulnerability became public. The Heartbleed Bug is a serious vulnerability in the widely used OpenSSL cryptographic library. This weakness allows theft of data resident in the server’s memory, which generally comprises SSL/TLS encrypted…
E-commerce: The Real Cost of Convenience
The e-commerce business has been growing exponentially for the past 10 years. Hundreds of thousands of businesses have moved online and millions of users have taken their shopping to the Internet. During this rush, everyone seems to ignore security, as a concept and requirement. E-commerce…
The TweetDeck Worm: How it Worked
TweetDeck is a very popular Twitter application (with 23% market share as of June 2009). The application was acquired by Twitter on May 25, 2011. On Wednesday, the user @derGeruhn exploited a stored XSS (cross-site scripting) vulnerability in the TweetDeck application and created a worm…
Five Web Security Issues Present in Your Business Today
Web security is very complex – with a lot of unknowns. As an executive running a business with a lot of moving parts, I’m sure you can relate. There are numerous areas – both operational and technical – where web security is lacking in practically…
Analysis of an Intrusion: DOS Attack
What is DOS? Denial of Service (DOS) attacks are a type of malicious activity aimed at disrupting the availability of a server or service so it can no longer deliver its functionality. Such attacks are motivated either politically (e.g. rival countries or rival parties), financially…