Someone Hijacking Unsecured MongoDB Databases for Ransom

Nearly two years ago, we warned users about publicly accessible MongoDB instances – almost 600 Terabytes (TB) of data – exposed over the Internet that required no authentication, potentially leaving websites and servers at risk of hacking.

These MongoDB instances weren’t exposed due to any flaw in its software, but due to a misconfiguration (bad security practice) that let any remote attacker access MongoDB


3 Critical Zero-Day Flaws Found in PHP 7 — One Remains Unpatched!

Three critical zero-day vulnerabilities have been discovered in PHP 7 that could allow an attacker to take complete control over 80 percent of websites that run on the latest version of the popular web programming language.

The critical vulnerabilities reside in the unserialize() mechanism in PHP 7 – the same mechanism that was found to be vulnerable in PHP 5 as well, allowing hackers to


Yahoo Mail XSS Bug Worth Another $10K to Researcher

Finnish security researcher Jouko Pynnonen found a second stored cross-site scripting vulnerability in Yahoo Mail in less than a year, both of which earned him $10,000 bug bounties.

Multiple Critical Remotely Exploitable Flaws Discovered in Memcached Caching System

Hey Webmasters, are you using Memcached to boost the performance of your website?

Beware! It might be vulnerable to remote hackers.

Three critical Remote Code Execution vulnerabilities have been reported in Memcached by security researcher Aleksandar…

43+ million users affected by confirmed Weebly breach

Weebly, a popular web-hosting service featuring a drag-and-drop website builder, has been breached, and email addresses/usernames, IP addresses and encrypted passwords for some 43 million users have been stolen. Unfortunately, the company did not notice the breach when it happened, around February 2016. They were notified of it once LeakedSource got its hands on the stolen data. “Unlike nearly every other hack, the co-founder and CTO of Weebly Chris Fanini fortunately did not have his …

New Google Tools Help Devs Improve Content Security Policy Protection

Google released CSP Evaluator and CSP Mitigator to aid developers in building better Content Security Policy protections for web applications.

DDoS and web application attacks keep escalating

Akamai Technologies released its Second Quarter 2016 State of the Internet / Security Report, which highlights the cloud security landscape, specifically trends in DDoS and web application attacks, as well as malicious traffic from bots. During May 2016, the number of attacks spiked, fueled by campaigns targeting the gaming industry. “While attack sizes are decreasing, we continue to see an uptick in the number of attacks as launch tools grow increasingly pervasive and easy to …

An Introduction To Web Application Security Systems

In the world of web application security systems, there exists a myriad of systems to protect public-facing services in any number of ways. They come packed with all the elements necessary to play an action-packed round of buzzword bingo, but their functions often overlap in ways that can make them seem similar. After the second […]

The…

Read the full post at darknet.org.uk


Continuous security in the web application space

What we’re seeing in the market right now is increased consolidation among vendors. They’re buying each other, more products covering another vendor’s territory are being introduced, and this is all creating confusion for anyone trying to put together a security program. In this podcast recorded at Black Hat USA 2016, Jason Kent, VP of Product Management, Web Application Security, Qualys, talks about what continuous security means, how you can use it to identify all of …