WP Live Chat for WordPress is a very popular plugin used by many companies to provide online support. Currently, it has more than 50,000 active installations. Very recently, researchers from Alert Logic found an authentication bypass vulnerability in this plugin. This vulnerability may be used…
A Typo Can Make You an Administrator
You are a developer. You put a lot of effort into making sure that your code is safe. You never trust user input, you use the best security-related development libraries. And then you make one small typo and everything is ruined. This is not fiction….
Protecting Your Website against Low Orbit Ion Cannon
The Low Orbit Ion Cannon (LOIC) is a tool that was developed by Praetox Technologies as a network stress testing application and then released into the public domain. This application is available as open source on Sourceforge.net and often used by malicious parties for DoS…
Mitigate Slow HTTP GET/POST Vulnerabilities in the Apache HTTP Server
A slow HTTP Denial of Service attack (DoS), otherwise referred to as the Slowloris HTTP attack, makes use of HTTP GET requests to occupy all available HTTP connections permitted by a web server. It takes advantage of a vulnerability in thread-based web servers, which wait…
Visit Us at Black Hat USA 2019
Black Hat, founded by Jeff Moss (Dark Tangent), is one of the biggest and best-known cybersecurity conferences in the world. Organized in the USA since 1997 and in Europe and Asia since 2000, it is perceived as aimed at the corporate world but it caters…
PHP Security Guide
PHP remains the most popular server-side language for websites and web applications. According to the latest data from w3techs, it is used by 79% of websites whose server-side language is known. Therefore, secure PHP programming and configuration are of critical importance. There are more reasons,…
Secure Your Node.js .env Files
Node.js is an environment that helps you create server-side applications using JavaScript. Among the common Node.js elements that developers like and use are .env files. These files let you easily save and load environment variables. Developers often use them to store confidential information. However,…
Malta A.I. & Blockchain Summit 2019 Highlights
Acunetix held a stand at the Spring Edition of the Malta A.I. & Blockchain Summit 2019 that took place on May 23-24, 2019 on the ‘Blockchain Island’ of Malta, at the Hilton Business Centre. The event was very well received. It brought together over 5,500…
Chrome Tightens CSRF Protection
The Chrome 76 browser, which is expected in July 2019, will include tighter controls for the SameSite cookie attribute. This attribute is used by website or web application developers when they set cookies. It specifies whether the cookie may be used in a third-party context….