Category Archives: Web Security

Using mod_rewrite to harden Apache

Most installations of Apache should come with the mod_rewrite module already configured and active.  For those of you that are hosting the web server on a shared hosting environment (ie: you’ve bought a generic web hosting package), then you are

Graphing Suspicious URL Relationships

10,000 websites have been compromised to redirect users to a new exploit toolkit called Nice Pack, discovered Wednesday, attempts to take advantage of flaws in users’ third-party apps, such as Java and Adobe, to install the “Zero Access Trojan,”. Malicious

MyCERT CyberSecurity Malaysia Introduce DNSwatch

Malysian CERT announced a new free service DNSwatch that will check every website address your computer is trying to access. Basically the checks are performed while you’re browsing the internet, clicking a link in an email, or running a program

Automated HTTPS Vulnerability Testing

One of main problem in HTTP protocol is encrypting traffic and verifying data security, securing the web application against any threat is very important especially that if hackers conduct a Man-in the middle attack he can get all users information

Anonymous Defaces Steals and Posts BART User Data

Hacktivist group Anonymous has hacked into myBART.org website belonging to San Francisco’s BART (Bay Area Rapid Transit) system. The attack was an SQL injection against the site and was able to extract more than 2,000 records containing names, usernames, passwords

Cross Site Scripting Vulnerabilities in Elgg <= 1.7.9

New vulnerability has been discovered in Elgg an open-source application that helps to create social networking engine, delivering the building blocks that enable businesses, schools, universities and associations to create their own fully-featured social networks and applications. Well-known Organizations with

WebSurgery- Web Security Testing Tool

WebSurgery is another suite of tools for security testing of web applications. It was designed for security auditors to help them with the web application planning and exploitation. Currently, it uses an efficient, fast and stable Web Crawler, File/Dir Bruteforcer