web application security Archives

PACER vulnerability allowed hackers to access legal docs while sticking others with the bill

August 10, 2017
PACER
USA
vulnerability

A CSRF flaw that made it possible for attackers to access court documents on the PACER system while making legitimate users pay for it has finally been plugged. What is PACER? …

751 domains hijacked to redirect visitors to exploit kit

An unknown attacker has managed to modify the name servers assigned to 751 domains, which resulted in some visitors to the hijacked domains being redirected to a site hosting …

Telegram-based Katyusha SQL injection scanner sold on hacker forums

July 12, 2017
cybercrime
hacking
MySQL

Despite regularly achieving one of the top spots on the OWASP Top 10 list of the most critical web application security risks, injection vulnerabilities continue to plague …

Review: Acunetix 11

July 10, 2017
Acunetix
review
software

Acunetix is one of the biggest players in the web security arena. The European-based company released the first version of their product back in 2005, and thousands of clients …

Rising information security threats, and what to do about them

July 3, 2017
0-day
CISO
cybersecurity

The digital threat landscape faced by enterprises large and small is in perpetual flux, and keeping an eye on things and adapting defenses should be of primary importance to …

Password Reset MITM: Exposing the need for better security choices

Attackers that have set up a malicious site can use users’ account registration process to successfully perform a password reset process on a number of popular websites …

High-Tech Bridge ImmuniWeb named Best Emerging Technology

Web and mobile application security testing services provider High-Tech Bridge has won the “Best Emerging Technology” category at the SC Awards Europe 2017. The company has …

Apache servers under attack through easily exploitable Struts 2 flaw

March 9, 2017
Apache
attack
exploit

A critical vulnerability in Apache Struts 2 is being actively and heavily exploited, even though the patch for it has been released on Monday. System administrators are …

Qualys and Bugcrowd bring automation, crowdsourcing to web app security

February 14, 2017
automation
Bugcrowd
Qualys

At RSA Conference 2017, Qualys and Bugcrowd announced joint development integrations allowing joint customers the ability to share vulnerability data across automated web …

25% of web apps still vulnerable to eight of the OWASP Top Ten

69 percent of web applications are plagued by vulnerabilities that could lead to sensitive data exposure, and 55 percent by cross-site request forgery flaws, the results of a …