Scripting Scanner Download

Protecting your site from Cross Site Scripting is very important these days and if you haven't taken the precautions for this, you can Download Your Free Acunetix XSS Scanner today and yes, I said it's free.

There are literally hundreds of examples of cross-site scripting vulnerabilities available publicly. Just a couple examples to illustrate the different types of holes will be listed here.

An example of a type 0 vulnerability was once found in an error page produced by Bugzilla where JavaScript was used to write the current URL, through the document.location variable, to the page without any filtering or encoding. In this case, an attacker who controlled the URL might have been able to inject script, depending on the behavior of the browser in use. This vulnerability was fixed by encoding the special characters in the document.location string prior to writing it to the page.
A famous example for type 1 XSS vulnerabilities: Two XSS vulnerabilities in Google.com website were identified and published by Yair Amit in December 2005. The vulnerabilities allowed an attacker to impersonate legitimate members of Google's services or to mount a phishing attack. This publication presented an obscure way to bypass common XSS countermeasures by using UTF-7 encoded payloads.

What is Cross Site Scripting?
Cross Site Scripting allows an attacker to embed malicious JavaScript, VBScript, ActiveX, HTML, or Flash into a vulnerable dynamic page to fool the user, executing the script on his machine in order to gather data. The use of XSS might compromise private information, manipulate or steal cookies, create requests that can be mistaken for those of a valid user, or execute malicious code on the end-user systems. The data is usually formatted as a hyperlink containing malicious content and which is distributed over any possible means on the internet. Cross site scripting vulnerabilities are extremely dangerous and the number of the attacks is on the rise. More information about Cross Site Scripting can be found at http://www.acunetix.com/websitesecurity/cross-site-scripting.htm

Many a large-scale corporation has fallen prey to Cross Site Scripting (XSS), as it is one of the most common yet underestimated of web attacks. In August 2006, hackers stole the personal data of nearly 19,000 DSL equipment customers through a vulnerability in AT&T’s online store. Whereas in June 2006, PayPal users were tricked into giving away social security numbers, credit card details and other highly sensitive personal information through a cross site scripting vulnerability in the PayPal website.

A report from Mitre Corp., a US government funded research organization, issued in September 2006 indicated that Cross-Site scripting ranked first in a list of top security risks. In a study conducted by Acunetix, 42% of the websites scanned with Acunetix WVS were found to be vulnerable to Cross Site Scripting.

“Companies don’t realize the danger their web sites are under and are therefore reluctant to invest in web vulnerability scanners. Consequently, security officers don’t have the tools to protect their websites. The free XSS scanner will give security officers access to a professional cross site scanning tool, that will allow them to assess their web sites for the cross site scripting danger,” said Jonathan Spiteri, Technical Manager of Acunetix.

Scanning for XSS vulnerabilities with Acunetix WVS Free Edition
To check whether your website has cross site scripting vulnerabilities, download the free edition from http://www.acunetix.com/cross-site-scripting/scanner.htm. This version will scan any website / web application for XSS vulnerabilities and it will also reveal all the essential information related to it, such as the vulnerability location and remediation techniques. Scanning for XSS is normally a quick exercise (depending on the size of the web-site). A detailed guide how to scan for cross site scripting vulnerabilities can be found here http://www.acunetix.com/websitesecurity/xss.htm.

The Free Edition also allows you to sample what other threats Acunetix WVS can find by allowing you to scan the Acunetix test sites for vulnerabilities.

About Acunetix Web Vulnerability Scanner
Acunetix Web Vulnerability Scanner ensures website security by automatically checking for SQL injection, Cross site scripting and other vulnerabilities. It checks password strength on authentication pages and automatically audits shopping carts, forms, dynamic content and other web applications. As the scan is being completed, the software produces detailed reports that pinpoint where vulnerabilities exist. Acunetix WVS Reporting Application allows security alerts to be presented in a document which abides by the PCI Compliance specification.

About Acunetix
Acunetix was founded to combat the alarming rise in web attacks. Its flagship product, Acunetix Web Vulnerability Scanner, is the result of several years of development by a team of highly experienced security developers. Acunetix is a privately held company with headquarters based in Europe (Malta) and an office in London, UK. For more information about Acunetix, visit: http://www.acunetix.com; http://www.acunetix.de.

Who Do YOU Think the Best Web Host Is?

I will be getting my own website and domain soon and would really love to hear who you think the best web hosts are. Please vote in the poll and if the your choice is not here you can add it under other. You can also tell me who it is and why with a comment.

Take Action Against Spammers

I just recently noticed my entire content on another site without my permission. They are getting it through my feed. Don't ask me how because I really don't know how it all works. I will tell you this. If you come across a site that has "taken" your content, then you need to do a couple of things.
First, you need to leave a comment asking them to remove the content from their site.
Second, you need to report it. The site I found was on Blogspot, so I reported it to Blogger, as well as, Google.
Third, you can put a warning in your feed footer. Something like "if you are not reading this at ______, then you are reading stolen content." I would also include an email so they can inform you of any thieves they come across.

I came across an informative article on this just a few minutes ago. Check out "How to Complain and Report Spam Blogger Blogs" over at Quick Online Tips.

Darren, over at Problogger was kind enough to reply to my email about this situation. He was already aware of the situation because his content is on this site as well. Thank you Darren for the lightning fast reply to my email.

WTF Does C Stand for Anyways?

After days and days of trying to figure out what the f does C stand 4 over at Cman's Money Page, I have finally decided to give an answer. I wanted to pick one that no one else has picked so here it goes----COWBOY.

You can enter his contest too by guessing what the C in Cman stands for. If you guess it right, you could be the winner of $100 smackaroos! If there are no correct guesses there will still be a nifty prize for one lucky loser;)


I encourage you, not only, to enter his contest but also to browse through his articles. He writes some valuable content on how to make money online and wants to help you have a profitable and productive blogging venture.

Get Your Boat into Shape at DougRussel.com

We recently were given a boat that is around 20 plus years old and was in need of some boat parts. Aside from needing a complete physical makeover, it also needed some kind of pack that makes it run, a battery, and a transmission. It's really hard to find these parts around here in west Texas so I had to go online. That's when I came across DougRussel.com. You can buy from their website or even their ebay auctions. They have thousands of parts, trailers, and you can even buy a boat from them if you want!! If you're boat is sitting out there like ours was, then you need to head on over and get your boat parts ordered so you can enjoy the rest of the summer or perhaps some fall fishing.