Note: This article refers to an older version of Acunetix. Click here to download the latest version. Nowadays, more and more people are using URL rewrite techniques to increase their “friendliness” to both users and search engines. With URL rewrites, a URL like http://www.site.com/cms/product.php?action=buy&id=1 is…
The One Web Security Oversight You Don’t Want to Miss
As I’ve written about scoping your Web security tests in the past, it’s not something to be taken lightly. Interestingly, there’s one aspect of Web security testing where I’m still seeing a big disconnect. The issue is how many critical Web systems are being dismissed…
The Odds of Web Malware Infection and Your Choice in that Matter
The Verizon 2011 Data Breach Investigations Report states that the Web is the second most common infection vector for malware. The recent lilupophilupop.com SQL injection attacks infecting over a million web pages is a good example of what can happen. According to Google’s Four Years…
Acunetix Web Vulnerability Scanner 8 Combats Rise in Web Hacking Attacks
New Automation & Auto-Configuration Features Make Securing Your Website Easier and Faster London, 16th Feburary 2012 — Acunetix, a name on the forefront of the web application security industry, today announced the 8th version of its popular Web Vulnerability Scanner product. Through this new iteration of…
HTTP Parameter Pollution: a Newer Class of Injection Attack
Nowadays, many components from web applications are commonly run on the user’s computer (such as JavaScript), and not just on the application’s provider server (such as Servlets). As time goes by, there is the need for web applications to provide a multitude of services to…
Online Security Considerations when Traveling
Whenever my friends or family members tell me they’ll be travelling abroad, I always like to remind them not to overlook online security when it comes to their website or blog, especially if accessing their accounts from an unknown computer. No doubt, most travelers will, at…
There’s More to Web Security than Meets the Eye
When we talk about Web security, we typically think about the common OWASP-type elements: SQL injection, cross-site scripting, passwords, encryption and the like. That’s fine but those areas can’t be our only focus. There’s so much more to managing information risks that’s often overlooked. Ask…
Web Passwords are Often the Weakest Link
Of the highly-visible hacks and data breaches over the past year, a large number of them were related to criminal hackers cracking weak Web passwords. This is arguably the most common Web flaw and something that anyone can exploit at any time. The bad guys…
Web Security is Like the Layers of an Onion
If you’ve ever peeled an onion, you’ve seen the multiple layers that make up its existence all the way to the core. Securing your Web presence requires the same approach and it’s called “layered security”. Also referred to as “defense-in-depth”, the layered web security approach…