The 6th annual AISA National Conference, held at the Sydney Exhibition and Convention Centre on 10th October 2013, hosted over 900 experts and professionals from the Information Security industry. Acunetix showcased at the information odyssey-themed event in collaboration with Aquion, an official Acunetix Partner based…
XSS Vulnerability injected through Google Analytics, executed in IOS’s Gmail application
Roy Castillo, a security researcher from the Philippines, identified a cross-site scripting (XSS) vulnerability in the Gmail application for iOS. The vulnerability was found in the mail attachment feature and needed no user interaction to be triggered. In a post on his blog, Roy Castillo…
IT Security Includes Cyber Attack Response
Preventing cyber attacks is a dominant topic for IT security. It is the first layer of defense. The more attacks prevented the better – no question about it. However, does great prevention guarantee there will no successful cyber attacks? Of course not. Good Security is…
Critical vulnerabilities discovered in Gazelle and TBDEV.net
Gazelle and TBDEV.NET are the most popular web applications used as BitTorrent trackers. A BitTorrent tracker is an application that assists in the communication between peers using the BitTorrent protocol. BitTorrent trackers can be public/open where anybody can join or private (where an invitation is…
The Default WordPress Administrator Account Is In Use
Alert group: WordPress default “admin” account exists Acunetix WP Security Plugin test: During this test Acunetix looks for the default admin account in the WordPress user list. Repercussions: With the default WordPress administrator account active, a malicious user does not have to guess the username…
Acunetix WVS v9, build 20131009 checks for HTML Injection, detection of weak passwords in Joomla! and Django
Acunetix Web Vulnerability Scanner version 9, build 20131009 includes checks for HTML Injection, and adds the detection of weak passwords in Joomla! and Django’s Administrative interfaces. In addition, the new build includes the detection of readme documentation files, together with various other updates and fixes….
On the Increasing Popularity of JavaScript
Many people think of JavaScript as a way to create interactive and dynamic web pages. JavaScript gives visitors a great website experience across platforms and across browsers that can be adjusted and tweaked to fit the user’s device, interests, and history. Plus it creates a more…
Why You Need To Pay Attention To The Slow HTTP Attack
Okay, I admit, I haven’t been stressing enough to people just how critical the Slow HTTP vulnerability really is. The Slow HTTP flaw is present on practically every Apache-based system I test and can facilitate denial of service (DoS) conditions rendering even the most resilient…
The Role Of An Automated Web Vulnerability Scanner In A Holistic Web Security Audit
Easily two-thirds of the value of any given web vulnerabilities assessment comes from the use of automated web vulnerability scanners. At least that’s been my experience. I certainly don’t have the knowledge – or the time – to manually track down every single flaw on…