January 26th, 2012 
Mourad Ben Lakhoua WordPress CMS is now open to several vulnerabilities that allow an attacker to conduct SQL injection and run a malicious javascript on visitor’s machine over a cross site scripting bug. Actually the bug exist during the installation process so in order to take control on the remote webserver there are condition required which an incomplete [...]
Posted in Vulnerabilities, Vulnerabilities & attacks 
Tags: CMS, Web Security, Website Hacking, WordPress, Zero-day 
No Comments » January 25th, 2012 Mourad Ben Lakhoua One of the most dangerous and common threats to a company’s web security is unrestricted Internet access. In a well-intentioned but ill-advised attempt to show users they are trusted, or from the false assumption that restricting or monitoring Internet access is bad for morale and too much work, companies frequently prefer to rely on their [...]
January 17th, 2012 Mourad Ben Lakhoua Usually if we say Google than many people would directly link this word to search engines or Gmail, but Today Google have many interesting services that concern any person who are using internet, here you can find a short video by Matt Cutts that dive deeply with malware detection services at Google, including what to [...]
Posted in Web Security Tags: Google, Google Webmaster, Infected websites, Malwares, Web Security No Comments »
January 10th, 2012 Mourad Ben Lakhoua Nginx is getting more and more used by popular website, if we look at netcraft 9.63% of internet are today using nginx based webserver, this including huge websites such as Rambler, wordpress.com ,Sourceforge.net and vkontakte.ru. These website needs a big performance for serving millions of visitors daily if we talk about vontakte than it’s the [...]
Posted in InfoSec, Open-Source, Tools, Web Security Tags: Naxsi, Nginx, WAF, Web Application Firewall, Web Security, Websecurity No Comments » November 29th, 2011 Mourad Ben Lakhoua System administrator’s main focus is protecting corporate information resources, one of major source of threats is Internet and we need to be very careful in dealing with unreliable access to Web resources, if we talk about security professionals than we usually have no issue as they understand risks and different online threats while this is [...]
November 24th, 2011 Mourad Ben Lakhoua HTTPWatch is an advanced tool for analyzing traffic transmitted over web application, the tool integrates add-on for different web browsers to monitor and sniff network traffic. After installing the tool you will have the following tabs: Overview here you will find useful information about all action performed when visiting the website including GET/POST. Time Chart [...]
November 14th, 2011 Mourad Ben Lakhoua Most installations of Apache should come with the mod_rewrite module already configured and active. For those of you that are hosting the web server on a shared hosting environment (ie: you’ve bought a generic web hosting package), then you are forced to edit a file named .HTACCESS in order to setup the securities for your [...]
