An .htaccess file is a configuration file which provides the ability to specify configuration settings for a specific directory in a website. The .htaccess file can include one or more configuration settings which apply only for the directory in which the .htaccess file has been…
Protect Your WordPress Website from a Pharma Hack
One of the worst feelings I’ve ever experienced was when I received an email from one of my customers telling me that my website had been hacked. It got worse, as I couldn’t see any changes in my content, the design or the source code!…
Acunetix Parses Version Control Systems
A lot of developers are using version control systems such as SVN (Apache Subversion) and GIT in order to track changes in their source code. These types of server tools are essential for the organizations which have multi-developer projects. Most of these version control systems…
New Features in Acunetix WVS: Crawling of Websites with Different User-Agent Strings
Note: This article refers to an older version of Acunetix. Click here to download the latest version. When you visit a website your browser sends an HTTP header called “User-Agent” to the web server. This header indicates which web browser you are using, its version…
Checking For Vulnerabilities in Path Fragments
Note: This article refers to an older version of Acunetix. Click here to download the latest version. Nowadays, more and more people are using URL rewrite techniques to increase their “friendliness” to both users and search engines. With URL rewrites, a URL like http://www.site.com/cms/product.php?action=buy&id=1 is…
The One Web Security Oversight You Don’t Want to Miss
As I’ve written about scoping your Web security tests in the past, it’s not something to be taken lightly. Interestingly, there’s one aspect of Web security testing where I’m still seeing a big disconnect. The issue is how many critical Web systems are being dismissed…
HTTP Parameter Pollution: a Newer Class of Injection Attack
Nowadays, many components from web applications are commonly run on the user’s computer (such as JavaScript), and not just on the application’s provider server (such as Servlets). As time goes by, there is the need for web applications to provide a multitude of services to…
There’s More to Web Security than Meets the Eye
When we talk about Web security, we typically think about the common OWASP-type elements: SQL injection, cross-site scripting, passwords, encryption and the like. That’s fine but those areas can’t be our only focus. There’s so much more to managing information risks that’s often overlooked. Ask…
Web Security is Like the Layers of an Onion
If you’ve ever peeled an onion, you’ve seen the multiple layers that make up its existence all the way to the core. Securing your Web presence requires the same approach and it’s called “layered security”. Also referred to as “defense-in-depth”, the layered web security approach…