web application security
Web Application Attack and Audit Framework 1.0 released
The Web Application Attack and Audit Framework’s (w3af) goal is to create a framework to find and exploit web application vulnerabilities that is easy to use and extend. …
LinkedIn security flaws allow account hijacking
LinkedIn users are in danger of having their account hijacked when accessing it over insecure Wi-Fi networks or public computers, says independent security researcher …
phpMyAdmin redirection weakness and script insertion vulnerability
A weakness and a vulnerability have been reported in phpMyAdmin, which can be exploited by malicious users to conduct script insertion attacks and by malicious people to …
Microsoft Web Application Configuration Analyzer 2.0 released
Web Application Configuration Analyzer (WACA) is a tool that scans a server against a set of best practices recommended for pre-production and production servers. The list of …
Hackers steal, publish Fox employee passwords
A group of attackers who clearly have it in for Fox Broadcasting have managed to access a company server with hundreds of their employees’ email usernames and passwords. …
Exponent CMS multiple vulnerabilities
Multiple vulnerabilities have been discovered in Exponent CMS, which can be exploited by malicious people to conduct cross-site request forgery attacks and disclose sensitive …
Page-integrated encryption for protecting credit cards on the web
Voltage Security announced a new encryption breakthrough for protecting personal data entered by consumers on web pages called PIE for Page-Integrated Encryption. The company …
Application security vulnerabilities
Rafal Los, Application Security Evangelist at HP Software, talks about application security vulnerabilities at the logic level. The inner workings of an application can only …
MITM attacks made possible by SSL certs issued for unqualified names
The recent compromise of a Comodo affiliate Registration Authority which resulted in the issue of nine rogue SSL certificates for seven popular domains has jolted the security …
Top cybercrime weapon: Web exploit toolkits
HP identified a significant increase in the volume of organized cybercrime targeting data centers and networks, which can lead to financial and data loss. While there were …
Vulnerabilities in common web applications escalate
A new Cenzic report reveals widespread Web application vulnerabilities, with 2,155 discovered – a third of which have both no known solution and an exploit code publicly …
Massive SQL injection attack compromises 380,000 URLs
A massive SQL injection attack campaign has been spotted by Websense researchers, and the number of unique URLs affected by it has risen from 28,000 when first detected …