What is Blind XSS?
Blind XSS is a flavor of cross-site scripting (XSS) where the attacker “blindly” deploys a series of malicious payloads on web pages that are likely to save them to a persistent state (like in a database, or in a log…
Lessons Learned From A Web Security Breach
There’s a lot of focus on proactive security testing and rightly so. It’s the best way to stay out of hot water. But what happens when the going gets tough and you end up missing a vulnerability that leads to a web security breach? There’s…
Application Security Calls For A Proactive Approach
Error! That’s something we don’t have much room for in application security. Yet we leave so much to chance. The only reasonable way to find the flaws that matter – and to keep up – is to use automated tools and processes wherever possible. Numerous…
Top 5 Common Network Security Vulnerabilities that Are Often Overlooked
Your network security is just as important as securing your web site and related applications. Networks, because of the sensitive data they usually give access to, are one of the most targeted public faces of an organization. Here are the top 5 network security vulnerabilities…
Understanding the value of the OWASP Top 10 2013
Find out how IT security professionals can benefit from the free resources available from the OWASP Top 10 2013 List of Risks. As IT security professionals we certainly have our fair share of information available to simplify the work we do. There’s the CVE dictionary,…
OWASP Updated the Top 10 List of Risks for 2013
Last week, the OWASP team officially updated the Top 10 list of risks so as to make it relevant for the web attack vectors identified in the last three years. The OWASP Top Ten summarizes and often combines web application vulnerabilities into an easy to interpret and…
Responding to DoS attacks at the web layer
Are you ready to respond to DoS attacks at the web layer? In this article, Kevin Beaver shares an anecdote from his own experience whilst highlighting some important steps to take. First things first: responding to DoS attacks at the web layer starts with ensuring…
WordPress Caching Plugins Remote PHP Code Execution
Two very popular WordPress caching plugins, WP Super Cache (4,373,811 downloads) and W3 Total Cache (1,975,480 downloads), have been affected by a vulnerability that allows remote users to execute arbitrary PHP code. The affected versions are: WP Super Cache (version 1.2 and below; version 1.3.x and up are…
WordPress Attack Vectors and Open Amazon S3 Buckets Identified by Acunetix WVS
Recently there were a lot of news reports about an ongoing attack on sites using WordPress software. Attackers are using around 90,000 computers to try to brute force WordPress credentials. All these servers are trying common account names like admin, administrator, test, tom, jessica, … and…