
web application security

phpMyAdmin multiple vulnerabilities

Multiple vulnerabilities have been reported in phpMyAdmin, according to Secunia. These can be exploited by malicious users to conduct cross-site scripting attacks and …

Global analysis of 10 million web attacks

Web applications, on average, experience twenty-seven attacks per hour, or roughly one attack every two minutes, according to Imperva. They observed and categorized attacks …

2011 CWE/SANS top 25 most dangerous software errors

SANS and Mitre have released the CWE/SANS Top 25 Most Dangerous Software Errors list for 2011. The list was compiled with the help of a great number of security experts from a …

Web Application Attack and Audit Framework 1.0 released

The Web Application Attack and Audit Framework’s (w3af) goal is to create a framework to find and exploit web application vulnerabilities that is easy to use and extend. …

LinkedIn security flaws allow account hijacking

LinkedIn users are in danger of having their account hijacked when accessing it over insecure Wi-Fi networks or public computers, says independent security researcher …

phpMyAdmin redirection weakness and script insertion vulnerability

A weakness and a vulnerability have been reported in phpMyAdmin, which can be exploited by malicious users to conduct script insertion attacks and by malicious people to …

Microsoft Web Application Configuration Analyzer 2.0 released

Web Application Configuration Analyzer (WACA) is a tool that scans a server against a set of best practices recommended for pre-production and production servers. The list of …

Hackers steal, publish Fox employee passwords

A group of attackers who clearly have it in for Fox Broadcasting have managed to access a company server with hundreds of their employees’ email usernames and passwords. …

Exponent CMS multiple vulnerabilities

Multiple vulnerabilities have been discovered in Exponent CMS, which can be exploited by malicious people to conduct cross-site request forgery attacks and disclose sensitive …

Page-integrated encryption for protecting credit cards on the web

Voltage Security announced a new encryption breakthrough for protecting personal data entered by consumers on web pages called PIE for Page-Integrated Encryption. The company …

Application security vulnerabilities

Rafal Los, Application Security Evangelist at HP Software, talks about application security vulnerabilities at the logic level. The inner-workings of an application can only …

MITM attacks made possible by SSL certs issued for unqualified names

The recent compromise of a Comodo affiliate Registration Authority which resulted in the issue of nine rogue SSL certificates for seven popular domains has jolted the security …
