TweetDeck is a very popular Twitter application (with 23% market share as of June 2009). The application was acquired by Twitter on May 25, 2011. On Wednesday, the user @derGeruhn, exploited a stored XSS (cross-site scripting) vulnerability in the TweetDeck application and created a worm…
Five Web Security Issues Present in Your Business Today
Web security is very complex – with a lot of unknowns. As an executive running a business with a lot of moving parts, I’m sure you can relate. There are numerous areas – both operational and technical – where web security is lacking in practically…
Analysis of an Intrusion: DOS Attack
What is DOS? Denial of Service (DOS) attacks are a type of malicious activity aimed at disrupting the availability of a server or service so it can no longer deliver its functionality. Such attacks are motivated either politically (e.g. rival countries or rival parties), financially…
Acunetix WVS v9.5 Build 20140602 – New Security Tests
Each Acunetix WVS update generally includes new vulnerability tests or an improvement to existing checks. This post summarizes the new security tests added in the latest Acunetix WVS update. Cross Domain Data Hijacking A website is vulnerable if an attacker can create/upload a malicious Flash (SWF) file…
Getting Back to Basics with Web Security
It’s usually the simple things in life that create the most problems – we’ve all learned this universal law the hard way. Be it slick tires when driving in the rain, that extra decimal point when doing our taxes, or a bad Ethernet patch cable…
Patching Servers is Not Enough
Patches and vulnerabilities Patches are pieces of code designed to fix ‘bugs’, enable additional functionality or address security flaws in operating systems and applications. Timely installation of patches on web servers and applications is generally recognized as critical to the success of website availability and…
Taking Politics out of the Web Security Equation
Web security is complicated enough. Adding a healthy dose of politics, like what exists in most organizations, often proves to be more than IT professionals can handle. Most problems in life are either financial, health, or people-related. It’s the people part of the equation in…
Why you should be Concerned about Web Security
Ever since the Heartbleed bug disaster, you’d think companies are becoming more vigilant with their web security plan. Recent events seem to show evidence to the contrary, with millions of users’ data left exposed to cyber-attacks on popularly used websites, including a government website and…
Analysis of an Intrusion: Backdoors
The concept of “Backdoor” has seen many interpretations during the relatively short history of the Internet. Microsoft defines Backdoors as “A hidden entrance to a computer system that can be used to bypass security policies”, and, in essence, that is what they are. A Backdoor…