web application security

Drupal Author Pane module security bypass weakness

A weakness has been reported in the Author Pane module for Drupal, which can be exploited by malicious people to bypass certain security restrictions, according to Secunia. …

Apache fixes “Apache Killer” bug

The Apache Software Foundation has released version 2.2.20 of the Apache HTTP Server, which includes a fix for the DDoS bug that was spotted being exploited in the wild …

Facebook pays bug hunters $40,000 in three weeks

The recently introduced Facebook bug bounty program has proved to be a great success, says Joe Sullivan, the company’s chief security officer. “We know and have …

WebSurgery: Suite for security testing of web applications

WebSurgery is a suite of tools for security testing of web applications. It was designed for security auditors to help them with the web application planning and exploitation. …

Scanning thousands of Web apps in days, not months

Faced with the reality that exploiting a single SQL Injection vulnerability or cross-site scripting (XSS) error in any web application could take down an organization’s …

Web application security on a new level

Qualys announced QualysGuard WAS 2.0, enabling organizations to leverage the power and scalability of the cloud to discover, catalogue and scan large numbers of web …

Web app security scanner Netsparker 2.0 released

Netsparker can crawl, attack and identify vulnerabilities in all custom web applications regardless of the platform and the technology it’s built on, just like an actual …

New OAuth toolkit

Layer 7 Technologies unveiled its OAuth Toolkit, an enterprise-class solution to provide a generalized framework for handling a broad range of OAuth scenarios across cloud, …

90,000+ web pages compromised through iFrame injection

Researchers from security firm Armorize have uncovered a massive iFrame injection attack that has compromised 90,000+ Web pages belonging mostly to e-commerce sites. The …

phpMyAdmin multiple vulnerabilities

Multiple vulnerabilities have been reported in phpMyAdmin, according to Secunia. These can be exploited by malicious users to conduct cross-site scripting attacks and …

Global analysis of 10 million web attacks

Web applications, on average, experience twenty-seven attacks per hour, or roughly one attack every two minutes, according to Imperva. They observed and categorized attacks …

2011 CWE/SANS top 25 most dangerous software errors

SANS and Mitre have released the CWE/SANS Top 25 Most Dangerous Software Errors list for 2011. The list was compiled with the help of a great number of security experts from a …
