web application security

False positive free online web application security scanner from Netsparker

Netsparker launched their new enterprise online service offering Netsparker Cloud, which enables organizations to simultaneously scan hundreds and thousands of websites for …

Over a million WP sites at risk of hijacking due to plugin bug

Users who run their websites on the popular WordPress CMS and are also using the WP-Slimstat web analytics plugin should update as soon as possible, warns Sucuri vulnerability …

New DDoS attack and tools use Google Maps plugin as proxy

Attackers are using Joomla servers with a vulnerable Google Maps plugin installed as a platform for launching DDoS attacks. A known vulnerability in a Google Maps plugin for …

Google’s new Cloud Security Scanner detects common security bugs

Here’s some good news for Google App Engine developers: Google has released a new application security scanner that’s especially fitting to test new app builds for …

SQL injection vulnerabilities surge to highest levels in three years

UPDATE: Tuesday, 20 January 2015, 1:10 PT – Jericho from Attrition.org has written an insightful post that essentially debunks the data released by DB Networks. …

Hackers use Pastebin to deliver backdoor code

Cyber attackers taking advantage of legitimate online services is not a new thing, and “online clipboard” Pastebin.com is often used to anonymously leak stolen …

Top 3 reasons businesses should prioritize web security

2014 was a year of high-profile hacks for businesses around the world. From The Home Depot breach to the recent Sony data leak, it seemed like as soon as one data breach was …

Rails security scanner Brakeman 3.0.0 released

Brakeman is an open source vulnerability scanner specifically designed for Ruby on Rails applications. It statically analyzes Rails application code to find security issues at …

Four cyber security risks not to be taken for granted

It’s pretty difficult to make information security predictions, and even more difficult to verify them afterwards: we can only judge the effectiveness of information …

Info of millions of AliExpress customers could have been harvested due to site flaw

A programming flaw in the code of popular online marketplace AliExpress, which connects small Chinese businesses with international buyers and has over 7.7 million registered …

Google open sources Firing Range, a test tool for web app security scanners

Google has open sourced another security tool: it’s called Firing Range, and it’s an effective testing ground for a variety of automated web application security …

Assume your Drupal 7 site has been compromised

Administrators of sites that run Drupal 7, and have not yet updated to version 7.32 or have done so later than 7 hours after the public revelation of the highly critical SQL …
