-
Check whether your web server is correctly configured
Last year Zone-H reported a record number of 1.5 million website defacements. 1 million of those websites were running Apache. When it comes to configuring a web server, some people tend to turn everything on by default. Developers are happy because the functionality that they wanted is available without any extra configuration, and there is…
-
Apache HTTP DoS tool released
Yesterday an interesting HTTP DoS tool was released. The tool performs a Denial of Service attack on Apache (and some other, see below) servers by exhausting available connections. While there are a lot of DoS tools available today, this one is particularly interesting because it holds the connection open while sending incomplete HTTP requests…
-
Google gives away a free web application security scanner
Google announced the release of ratproxy, a passive web application security assessment tool that they’ve been using internally at Google. This utility, developed by their information security engineering team, is designed to transparently analyse legitimate, browser-driven interactions with a tested web property and automatically pinpoint, annotate, and prioritize potential flaws or areas of concern. The…
-
Search your code for vulnerabilities
I’m a big fan of PHP_CodeSniffer and I think it’s a great development tool; it ensures that you write code that is easy to read and maintain. But what about making sure that the code you write is secure and doesn’t have any vulnerabilities? Right, there’s another tool for that… PHP Security Scanner is a…
-
Web Application Security Scanner
Web security is possibly today’s most overlooked aspect of securing the enterprise and should be a priority in any organization. Recent research shows that 75% of internet attacks are done at the web application level. Web application security scanners ensure website security by automatically checking for SQL injection, cross-site scripting and other vulnerabilities. There are…
