• Subscribe to the low volume list for updates.

Blog

Tools

Automated Web Application Scanners

I stumbled across some interesting reading around open source vs commercial and the future of web application scanning. From the Watchfire blog there is a good discussion with an interesting post and some good comments. A near perfect web application security site testing tool is a difficult thing to achieve, I liken it to the […]
Read More
13 years ago
Tools

Nessus Scanning – Command Line

Now that we have outlined the basics of the command line nmap scan (remember that when it comes to security tools the gui is for chumps) I will now go on and build on that knowledge with some Nessus command line ninja moves. Firstly you need to install your Nessus Server onto your linux box. […]
Read More
13 years ago
Security Breaches

Increased attacks on Legitimate websites

A recent trend micro report examines the increasing number of legitimate web sites that are being attacked by cyber criminals. Schools, government and big business are all targets. A compromised web site is then used to deliver malware to any visitor who loads that web page. According to research from Trend Micro’s TrendLabsSM: Hackers are […]
Read More
13 years ago
Site Updates

Press Release – New Free Scan Options Launched

HackerTarget.com, the world leader in online open source vulnerability analysis has launched a new online service aimed at webmasters and web hosting companies that utilizes some the worlds best vulnerability analysis tools. Recently legislation in Germany and proposed legislation in the United Kingdom has been highlighted by HackerTarget.com as detrimental to online security. The laws […]
Read More
13 years ago
Security Breaches

UN and other high profile web sites compromised

More attacks on high profile web sites. It is clear from this article that the attackers found the victim sites by scanning servers and pouncing on the found vulnerabilities. The compromised servers were then used to serve up malicious code to build a botnet. It is highly likely regular vulnerability analysis would have saved these […]
Read More
13 years ago
Security Breaches

Mpack Author Interview

This article over at SecurityFocus has some eye opening comments from the authors of the Mpack exploitation kit. The increasing popularity of compromised websites being used as an exploitation platform against end users is becoming a worrying trend. There are a couple of tongue in cheek comments like these - Do you feel sorry for […]
Read More
14 years ago
Security Breaches

Stopbadware.org – Security Tips

There is some good information to be found at Stopbadware.org on securing a web site and ongoing efforts to eliminate the threat of malware being served up by compromised hosts and rogue web hosting companies. Basic security tips and tricks 5 steps to make your site more secure: Use strong passwords. Use SSH and SFTP […]
Read More
14 years ago
Security Breaches

Network Computing | Vulnerability Assessment Scanners

The first paragraph of this Network Computing Feature should be a wake up call for anyone on the internet who does not take security of their servers seriously. Following on from the first alarming paragraph is a lengthy 9 page feature on various vulnerability scanners. The article clearly demonstrates that while vulnerability assessment is not […]
Read More
14 years ago
Security Breaches

The June07 Mpack attack

On 18th of June a large scale attack was uncovered at an Italian based Web Hosting company. Websense reported that over 10'000 sites were compromised and used to serve malware to unsuspecting end users. SANS Internet Storm Center had some good analysis of the Mpack exploit package that was used with a follow up story […]
Read More
14 years ago