The recent publicity and ranting about Twitter’s onMouseOver flaw* got me thinking about our perception of software quality and expectations of risk. Why is there no room for error when Twitter makes a mistake yet we put up with so many bigger – and more…
Check if your application is vulnerable to ASP.NET Padding Oracle Vulnerability
Everybody’s talking about the ASP.NET Padding Oracle vulnerability released a few days ago at the ekoparty Security Conference. However, until now there wasn’t enough information on how do you check if your application is vulnerable or not. Yesterday, Duncan Smart from ASP.NET forums published some…
Why do so many people buy into "checklist" audits?
Probably my biggest pet peeve related to application security is the claim by many (typically management) that “We know we’re secure, we just had an audit”. I can’t tell you how many times I’ve seen this situation. Management will require their administrators to go down…
Directory Traversal in Axigen v7.4.1 running on Windows
Note: This article refers to an older version of Acunetix. Click here to download the latest version. We are continuing with the list of security vulnerabilities found in a number of web applications while testing our latest version of Acunetix WVS v7 . In this…
Ways to avoid email floods when running Web vulnerability scans
If you’ve ever ran a Web vulnerability scan you’ve likely experienced this situation. You fire up your scanner, tweak your settings, and click Start. The next thing you know people in customer service, marketing, IT, etc. are wondering why they’re getting hit with hundreds –…
SQL Injection and XSS vulnerabilities in CubeCart version 4.3.3
Note: This article refers to an older version of Acunetix. Click here to download the latest version. Note: This article refers to an older version of Acunetix. Click here to download the latest version. We are continuing with the list of security vulnerabilities found in…
Web Security problems in Zenphoto version 1.3
Note: This article refers to an older version of Acunetix. Click here to download the latest version. We are continuing with the list of security vulnerabilities found in a number of web applications while testing our latest version of Acunetix WVS v7 . In this…
Security vulnerabilities in Pligg CMS version 1.0.4
Note: This article refers to an older version of Acunetix. Click here to download the latest version. While beta testing the latest version of Acunetix WVS v7, we found a large number of security vulnerabilities in various web applications. In the following days we will…
Don't be an A$$
Welcome back from Summer, and I hope everyone has had a great break. Myself, I was able to take some time in July, but got real busy in August. During the summer I helped two very close friends with some significant IT issues which made…