web application security
2011 CWE/SANS top 25 most dangerous software errors
SANS and Mitre have released the CWE/SANS Top 25 Most Dangerous Software Errors list for 2011. The list was compiled with the help of a great number of security experts from a …
Web Application Attack and Audit Framework 1.0 released
The Web Application Attack and Audit Framework’s (w3af) goal is to create a framework to find and exploit web application vulnerabilities that is easy to use and extend. …
LinkedIn security flaws allow account hijacking
LinkedIn users are in danger of having their their account hijacked when accessing it over insecure Wi-Fi networks or public computers, says independent security researcher …
phpMyAdmin redirection weakness and script insertion vulnerability
A weakness and a vulnerability have been reported in phpMyAdmin, which can be exploited by malicious users to conduct script insertion attacks and by malicious people to …
Microsoft Web Application Configuration Analyzer 2.0 released
Web Application Configuration Analyzer (WACA) is a tool that scans a server against a set of best practices recommended for pre-production and production servers. The list of …
Hackers steal, publish Fox employee passwords
A group of attackers who clearly have it in for Fox Broadcasting have managed to access a company server with hundreds of their employees’ email usernames and passwords. …
Exponent CMS multiple vulnerabilities
Multiple vulnerabilities have been discovered in Exponent CMS, which can be exploited by malicious people to conduct cross-site request forgery attacks and disclose sensitive …
Page-integrated encryption for protecting credit cards on the web
Voltage Security announced a new encryption breakthrough for protecting personal data entered by consumers on web pages called PIE for Page-Integrated Encryption. The company …
Application security vulnerabilities
Rafal Los, Application Security Evangelist at HP Software, talks about application security vulnerabilities at the logic level. The inner-workings of an application can only …
MITM attacks made possible by SSL certs issued for unqualified names
The recent compromise of a Comodo affiliate Registration Authority which resulted in the issue of nine rogue SSL certificates for seven popular domains has jolted the security …
Top cybercrime weapon: Web exploit toolkits
HP identified a significant increase in the volume of organized cybercrime targeting data centers and networks, which can lead to financial and data loss. While there were …
Vulnerabilities in common web applications escalate
A new Cenzic report reveals widespread Web application vulnerabilities, with 2,155 discovered – a third of which have both no known solution and an exploit code publicly …
Featured news
Resources
Don't miss
- China-linked spies backdoored authentication stack to stay hidden for years
- AI vulnerability discovery is pushing 2026 CVEs toward 66,000
- PhishLumos: Exposing phishing campaigns that evade detection by hiding content
- Onspring CISO on where automated GRC systems fall short
- Open-source CI/CD abuse detector guards against stolen credential attacks