
web application security

Equifax breach: Sensitive info, SSNs of 44% of U.S. consumers accessed by attackers

Equifax, one of the three largest American credit agencies, has announced that it has suffered a “cybersecurity incident” affecting some 143 million U.S. …

PACER vulnerability allowed hackers to access legal docs while sticking others with the bill

A CSRF flaw that made it possible for attackers to access court documents on the PACER system while making legitimate users pay for it has finally been plugged. What is PACER? …

751 domains hijacked to redirect visitors to exploit kit

An unknown attacker has managed to modify the name servers assigned to 751 domains, which resulted in some visitors to the hijacked domains being redirected to a site hosting …

Telegram-based Katyusha SQL injection scanner sold on hacker forums

Despite regularly achieving one of the top spots on the OWASP Top 10 list of the most critical web application security risks, injection vulnerabilities continue to plague …

Review: Acunetix 11

Acunetix is one of the biggest players in the web security arena. The European-based company released the first version of their product back in 2005, and thousands of clients …

Rising information security threats, and what to do about them

The digital threat landscape faced by enterprises large and small is in perpetual flux, and keeping an eye on things and adapting defenses should be of primary importance to …

Password Reset MITM: Exposing the need for better security choices

Attackers that have set up a malicious site can use users’ account registration process to successfully perform a password reset process on a number of popular websites …

High-Tech Bridge ImmuniWeb named Best Emerging Technology

Web and mobile application security testing services provider High-Tech Bridge has won the “Best Emerging Technology” category at the SC Awards Europe 2017. The company has …

Apache servers under attack through easily exploitable Struts 2 flaw

A critical vulnerability in Apache Struts 2 is being actively and heavily exploited, even though the patch for it has been released on Monday. System administrators are …

Qualys and Bugcrowd bring automation, crowdsourcing to web app security

At RSA Conference 2017, Qualys and Bugcrowd announced joint development integrations allowing joint customers the ability to share vulnerability data across automated web …

25% of web apps still vulnerable to eight of the OWASP Top Ten

69 percent of web applications are plagued by vulnerabilities that could lead to sensitive data exposure, and 55 percent by cross-site request forgery flaws, the results of a …

Qualys brings web application security automation to a new level

At RSA Conference 2017, Qualys announced new functionality in its web application security offerings, including scalable fast scanning, detection and patching of websites, …
