web application security
Scanning thousands of Web apps in days, not months
Faced with the reality that exploiting a single SQL Injection vulnerability or cross-site scripting (XSS) error in any web application could take down an organization’s …
Web application security on a new level
Qualys announced QualysGuard WAS 2.0, enabling organizations to leverage the power and scalability of the cloud to discover, catalogue and scan large numbers of web …
Web app security scanner Netsparker 2.0 released
Netsparker can crawl, attack and identify vulnerabilities in all custom web applications regardless of the platform and the technology it’s built on, just like an actual …
New OAuth toolkit
Layer 7 Technologies unveiled its OAuth Toolkit, an enterprise-class solution to provide a generalized framework for handling a broad range of OAuth scenarios across cloud, …
90,000+ web pages compromised through iFrame injection
Researchers from security firm Armorize have uncovered a massive iFrame injection attack that has compromised 90,000+ Web pages belonging mostly to e-commerce sites. The …
phpMyAdmin multiple vulnerabilities
Multiple vulnerabilities have been reported in phpMyAdmin, according to Secunia. These can be exploited by malicious users to conduct cross-site scripting attacks and …
Global analysis of 10 million web attacks
Web applications, on average, experience twenty seven attacks per hour, or roughly one attack every two minutes, according to Imperva. They observed and categorized attacks …
2011 CWE/SANS top 25 most dangerous software errors
SANS and Mitre have released the CWE/SANS Top 25 Most Dangerous Software Errors list for 2011. The list was compiled with the help of a great number of security experts from a …
Web Application Attack and Audit Framework 1.0 released
The Web Application Attack and Audit Framework’s (w3af) goal is to create a framework to find and exploit web application vulnerabilities that is easy to use and extend. …
LinkedIn security flaws allow account hijacking
LinkedIn users are in danger of having their their account hijacked when accessing it over insecure Wi-Fi networks or public computers, says independent security researcher …
phpMyAdmin redirection weakness and script insertion vulnerability
A weakness and a vulnerability have been reported in phpMyAdmin, which can be exploited by malicious users to conduct script insertion attacks and by malicious people to …
Microsoft Web Application Configuration Analyzer 2.0 released
Web Application Configuration Analyzer (WACA) is a tool that scans a server against a set of best practices recommended for pre-production and production servers. The list of …