Home / Companies / Detectify / Blog / April 2016

April 2016 Summaries

2 posts from Detectify

Filter
Month: Year:
Post Summaries Back to Blog
A Content Management System (CMS) is a tool used to create, manage, and organize content on websites or web services, with WordPress being one of the most widely used examples. While different CMS platforms have varying levels of vulnerability, it is challenging to determine which is the most secure or vulnerable, as noted by expert Johan Edholm from Detectify. WordPress, due to its popularity, often reports more vulnerabilities, partly because it is scrutinized more closely and is a frequent target for cyber attacks. Edholm advises users to focus on the platform itself and to be cautious with plugins to enhance security. For those interested in more IT security insights, additional information can be found in other parts of the IT Sec FAQ series.
Apr 12, 2016 196 words in the original blog post.
The OWASP Top 10 2021 update highlights injection vulnerabilities, now including Cross-site Scripting (XSS), as the most prevalent security threat, though it has moved to third place. Injection vulnerabilities, particularly SQL injection, occur when untrusted data is sent to an interpreter, often found in database queries and other commands, posing significant risks such as data theft or system takeover. The text discusses the widespread nature of these vulnerabilities, especially in legacy systems, and notes that even major corporations like Sony and MySQL have faced attacks. Detecting these vulnerabilities can be challenging without visible feedback, but automated security tools like Detectify can help identify over 700 vulnerabilities, including those in the OWASP Top 10. Remediation strategies include using parameterized queries or carefully escaping special characters to prevent exploits, as exemplified in a code snippet illustrating a typical SQL injection scenario.
Apr 06, 2016 1,108 words in the original blog post.