web application security

Kickstarter bug granted access to unlaunched projects

A bug in the private application programming interface (API) of Kickstarter, the popular crowd funding website for creative projects, has exposed details about 70,000 projects …

1,000+ WordPress sites compromised through automatic update feature

More than 1,000 WordPress blogs have been modified to redirect visitors to sites serving malware, affiliate and pay-per-click redirectors, and low quality PPC search result …

Top 10 business logic attack vectors

Application business logic flaws are unique to each custom application, potentially very damaging, and difficult to test. Attackers exploit business logic by using deductive …

Majority of web apps vulnerable to most frequent exploits

84 percent of web applications from public companies were deemed unacceptable when measured against the OWASP Top 10 most frequently exploited web application vulnerabilities, …

How to spot automated Web application attacks

Imperva released its April Hacker Intelligence Report Automation of Attacks, which analyzes how and why attacks on Web applications are automated. As much as 98 percent of …

Web application attack report from FireHost

Secure cloud hosting company FireHost has revealed details about the type and origin of web attacks that it has blocked from causing harm to clients’ web applications and …

Google sent out notifications to owners of hacked sites

Matt Cutts, the head of Google’s Web spam team, has announced on his Twitter account that the company has notified 20,000 Web site owners that their sites may have been …

SQL injection main database security concern among SMBs

GreenSQL surveyed more than six thousand GreenSQL SMB users – IT administrators, DBAs, data security professionals and consultants – about their most critical …

New Ice malware attacking Facebook users

Trusteer researchers have discovered a new configuration of the Ice IX malware that attacks Facebook users after they have logged in to their account and steals credit card …

Deconstructing local and remote file inclusion attack vectors

Imperva released its latest Hacker Intelligence Initiative report exploring how Local and Remote File Inclusion (RFI/LFI) attacks enable hackers to execute malicious code and …

The sorry state of web-based single sign-on services

Web-based single sign-on services are becoming increasingly popular, as they offer a better and simpler user experience. But are they secure? The question was asked by team of …

Surge in mobile exploits and shell command injection attacks

IBM released the results of its X-Force 2011 Trend and Risk Report which shows surprising improvements in several areas of Internet security such as a reduction in application …
