WordPress most targeted CMS by hackers?
Imperva released the results of its Web Application Attack Report (WAAR), the result of analysis of a subset of 99 applications protected by Imperva’s WAF over a period …
Number of malicious eBay listings rises, accounts are hijacked
Pressure is mounting against eBay to quickly detect and remove bogus listings triggering cross-site scripting flaws to redirect users to phishing and other malicious pages. …
XSS bug allows Amazon account hijacking
A recurring XSS bug in Amazon’s Kindle Library, i.e. the “Manage your Kindle” web application, can be exploited by attackers looking to hijack users’ …
Disqus WordPress plugin vulnerabilities
During a penetration testing for a client, Australian based independent security consultant Nik Cubrilovic, discovered a couple of security issues within the very popular …
Quarter of all UK attacks target web services and applications
A comprehensive analysis of security alerts in 2013 reveals that a quarter of all attacks in the UK were application specific attacks or targeted at web applications. This is …
In wake of breach, eBay has to deal with multiple web vulnerabilities
As eBay flounders while trying to adequately respond to the breach it disclosed last week, and deems weak passwords to be good but stronger ones to be weak, researchers are …
XSS bug in popular Chinese site exploited to launch DDoS attack
DDoS mitigation firm Incapsula has put a stop to the speculations that the video content provider whose vulnerable website was misused to launch a DDoS attack was YouTube, and …
Trends in web application security
Despite web application vendors being more responsive and releasing security patches much faster than in 2012, new research revealed that it is still taking an average of over …
Defending against drive-by downloads
In case you haven’t heard the term before, a drive-by download (DbD) is a class of cyber attack where you visit a booby-trapped web site and it automatically, and …
The growing hacking threat to e-commerce websites, part 2
In the first part of my article, I briefly revised attackers’ motivations to compromise your website. In this part, I will discuss how websites get hacked, how you can …
Video: Practical exploitation using a malicious SSID
In this video from DerbyCon, Deral Heiland discusses the leveraging of SSIDs to inject various attacks into wireless devices, and management consoles. The type of injection …
The impact of false positives on web application security scanners
Ferruh Mavituna is the CEO at Mavituna Security and the Product Architect of Netsparker. In this interview he discusses what impact false positives have on web application …