The Verizon 2011 Data Breach Investigations Report states that the Web is the second most common infection vector for malware. The recent lilupophilupop.com SQL injection attacks infecting over a million web pages is a good example of what can happen. According to Google’s Four Years…
Acunetix Web Vulnerability Scanner 8 Combats Rise in Web Hacking Attacks
New Automation & Auto-Configuration Features Make Securing Your Website Easier and Faster London, 16th Feburary 2012 — Acunetix, a name on the forefront of the web application security industry, today announced the 8th version of its popular Web Vulnerability Scanner product. Through this new iteration of…
HTTP Parameter Pollution: a Newer Class of Injection Attack
Nowadays, many components from web applications are commonly run on the user’s computer (such as JavaScript), and not just on the application’s provider server (such as Servlets). As time goes by, there is the need for web applications to provide a multitude of services to…
Online Security Considerations when Traveling
Whenever my friends or family members tell me they’ll be travelling abroad, I always like to remind them not to overlook online security when it comes to their website or blog, especially if accessing their accounts from an unknown computer. No doubt, most travelers will, at…
There’s More to Web Security than Meets the Eye
When we talk about Web security, we typically think about the common OWASP-type elements: SQL injection, cross-site scripting, passwords, encryption and the like. That’s fine but those areas can’t be our only focus. There’s so much more to managing information risks that’s often overlooked. Ask…
Web Passwords are Often the Weakest Link
Of the highly-visible hacks and data breaches over the past year, a large number of them were related to criminal hackers cracking weak Web passwords. This is arguably the most common Web flaw and something that anyone can exploit at any time. The bad guys…
Web Security is Like the Layers of an Onion
If you’ve ever peeled an onion, you’ve seen the multiple layers that make up its existence all the way to the core. Securing your Web presence requires the same approach and it’s called “layered security”. Also referred to as “defense-in-depth”, the layered web security approach…
Acunetix WVS 8 Released Candidate Now Available!
We are pleased to announce a Release Candidate (RC) of the much-awaited Acunetix Web Vulnerability Scanner, version 8. This build fixes issues that were reported during the Beta stages of development and also adds a number of improvements which boost the accuracy of checks and…
To Validate or Not, Is That the Question?
Recently, a project manager I work with asked me if I had manually validated a set of security flaws I uncovered during a web security assessment. The flaws in question were related to the server host and not the actual Web application. I actually had…