web application security
BackTrack adds RandomStorm WordPress scanner
RandomStorm’s WPScan, the free WordPress security scanner, has been added to the latest version of BackTrack. BackTrack is an open source operating system that provides …
Pligg CMS multiple XSS vulnerabilities
Multiple vulnerabilities have been discovered in Pligg CMS, which can be exploited by malicious people to conduct cross-site scripting attacks, according to Secunia. 1. Input …
phpMyAdmin multiple script insertion vulnerabilities
Multiple vulnerabilities have been reported in phpMyAdmin, which can be exploited by malicious users to conduct script insertion attacks, according to Secunia. 1. Certain …
Drupal Author Pane module security bypass weakness
A weakness has been reported in the Author Pane module for Drupal, which can be exploited by malicious people to bypass certain security restrictions, according to Secunia. …
Apache fixes “Apache Killer” bug
The Apache Software Foundation has released version 2.2.20 of the Apache HTTP Server, which includes a fix for the DDoS bug that was spotted being exploited in the wild …
Facebook pays bug hunters $40,000 in three weeks
The recently introduced Facebook bug bounty program has proved to be a great success, says Joe Sullivan, the company’s chief security officer. “We know and have …
WebSurgery: Suite for security testing of web applications
WebSurgery is a suite of tools for security testing of web applications. It was designed for security auditors to help them with the web application planning and exploitation. …
Scanning thousands of Web apps in days, not months
Faced with the reality that exploiting a single SQL Injection vulnerability or cross-site scripting (XSS) error in any web application could take down an organization’s …
Web application security on a new level
Qualys announced QualysGuard WAS 2.0, enabling organizations to leverage the power and scalability of the cloud to discover, catalogue and scan large numbers of web …
Web app security scanner Netsparker 2.0 released
Netsparker can crawl, attack and identify vulnerabilities in all custom web applications regardless of the platform and the technology it’s built on, just like an actual …
New OAuth toolkit
Layer 7 Technologies unveiled its OAuth Toolkit, an enterprise-class solution to provide a generalized framework for handling a broad range of OAuth scenarios across cloud, …
90,000+ web pages compromised through iFrame injection
Researchers from security firm Armorize have uncovered a massive iFrame injection attack that has compromised 90,000+ Web pages belonging mostly to e-commerce sites. The …