web application security
Joomla! security bypass weakness and XSS vulnerability
A weakness and a vulnerability have been reported in Joomla!, which can be exploited by malicious people to bypass certain security restrictions and conduct cross-site …
Framework for analyzing web-based threats
Wepawet is a framework for the analysis of web-based threats. It uses a composition of tools and techniques to execute, trace, analyze, and characterize the activity of code …
Secure access to Office 365 cloud-based web applications
RSA SecurID can now be integrated with the Windows Active Directory Federation Services 2.0 (AD FS 2.0). This integration can enable organizations to provide secure user …
Web application security vulnerabilities and strategies
The use of web applications has soared recently, due to the significant value they can add to enterprises by providing innovative ways to interact with customers. However, so …
Testing web applications for security flaws
David Hoelzer is the Director of Research, Enclave Forensics and a SANS Trainer. In this interview he discusses web application testing, offers advice for those on the hunt …
Vulnerability management for Web applications
Core Security announced Core WebVerify Web application security software that provides organizations with actionable intelligence and analysis on indisputably critical …
BackTrack adds RandomStorm WordPress scanner
RandomStorm’s WPScan, the free WordPress security scanner, has been added to the latest version of BackTrack. BackTrack is an open source operating system that provides …
Pligg CMS multiple XSS vulnerabilities
Multiple vulnerabilities have been discovered in Pligg CMS, which can be exploited by malicious people to conduct cross-site scripting attacks, according to Secunia. 1. Input …
phpMyAdmin multiple script insertion vulnerabilities
Multiple vulnerabilities have been reported in phpMyAdmin, which can be exploited by malicious users to conduct script insertion attacks, according to Secunia. 1. Certain …
Drupal Author Pane module security bypass weakness
A weakness has been reported in the Author Pane module for Drupal, which can be exploited by malicious people to bypass certain security restrictions, according to Secunia. …
Apache fixes “Apache Killer” bug
The Apache Software Foundation has released version 2.2.20 of the Apache HTTP Server, which includes a fix for the DDoS bug that was spotted being exploited in the wild …
Facebook pays bug hunters $40,000 in three weeks
The recently introduced Facebook bug bounty program has proved to be a great success, says Joe Sullivan, the company’s chief security officer. “We know and have …