Home / Companies / Detectify / Blog / September 2018

September 2018 Summaries

5 posts from Detectify

Filter
Month: Year:
Post Summaries Back to Blog
September 30th marks International Podcast Day, and to celebrate, a curated list of web security podcasts has been shared, providing insights into web security news, research, and best practices. These podcasts cover a range of topics, including data privacy, cybersecurity tips, and insights from professionals such as bug bounty hunters and CISOs. Notable podcasts include the Application Security Podcast, which discusses foundational security topics and features interviews with industry experts; Darknet Diaries, which tells true hacker stories; Down the Security Rabbithole, offering educational insights from various security influencers; 7 Minute Security, focusing on penetration testing; Smashing Security, a tech news podcast with a humorous twist; Säkerhetspodcasten, a Swedish security podcast with interviews and panel discussions; and The CyberWire, which delivers concise daily cybersecurity news. Each podcast brings unique perspectives and stories, making them valuable resources for anyone interested in enhancing their web security knowledge.
Sep 30, 2018 923 words in the original blog post.
Roberto Giachetta, a backend developer at Detectify, shares his journey from a childhood interest in strategy video games to a successful career in software engineering and teaching. Initially captivated by creating game levels, Roberto pursued computer science at Eötvös Loránd University in Hungary, where he became a teaching assistant, receiving positive feedback for his ability to simplify complex concepts. While working on his Ph.D., Roberto balanced teaching with developing at the Institute of Geodesy, Cartography, and Remote Sensing. In 2017, he moved to Sweden, drawn to Detectify's mission of making the internet safer and its innovative approach to technology. At Detectify, Roberto values the team's quality, the company's mission, and the opportunity to have a significant impact. He emphasizes the importance of continuous learning and staying updated with technological trends, believing that curiosity and evolution in one's work are crucial.
Sep 28, 2018 776 words in the original blog post.
Detectify has updated its security tool with new findings and features every two weeks, based on contributions from its security researchers and the Crowdsource ethical hacker community, although the specifics of all updates cannot be publicly disclosed due to confidentiality agreements. Recent improvements include the addition of tests for vulnerabilities reported by ethical hackers, such as information disclosure issues with Jolokia due to default configurations, stored XSS vulnerabilities in WordPress plugins like Loginizer and iThemes Security, XSS problems in the Atmosphere Framework's JSONP endpoint, and a remote code execution vulnerability in the WordPress Duplicator plugin. These updates aim to enhance the security scanning capabilities of Detectify, and users are encouraged to begin scans for the latest vulnerabilities, with options available for both new users and existing account holders.
Sep 21, 2018 525 words in the original blog post.
Effective cybersecurity for organizations and web applications requires a combination of bug bounty programs and automated security scanning to address vulnerabilities. Bug bounty programs engage ethical hackers to identify and report security issues in exchange for rewards, while automated scanners like Detectify perform regular wide-scale sweeps to uncover common vulnerabilities. These methods complement each other by leveraging crowdsourced knowledge and advanced research findings to enhance security coverage. Automated scanners can identify common vulnerabilities, allowing bug bounty hunters to focus on more complex issues. Continuous coverage is achieved by combining both strategies, with automated scans providing regular audits and bug bounty programs offering targeted insights. The collaboration also fosters security awareness within organizations, educating security and development teams on vulnerability detection and prevention. Detectify enhances bug bounty efforts by incorporating validated vulnerabilities into its scanning tool, updating it bi-weekly, and allowing users to adjust scanning scopes to target specific areas and share findings with developers to facilitate remediation.
Sep 20, 2018 724 words in the original blog post.
Detectify's security updates, released every two weeks, incorporate new findings and improvements from its security researchers and the Crowdsource ethical hacker community to ensure its scanner tool remains current. Recent updates include the addition of tests addressing several vulnerabilities such as a Remote Code Execution (RCE) in Apache Struts, fingerprinting for exposed administration tools, and vulnerabilities in platforms like PrestaShop and Liferay. The updates also cover misconfigurations in technologies such as ACME and Socket.IO, which can lead to issues like clickjacking and session ID exposure, respectively. While not all updates can be disclosed due to confidentiality agreements, these vulnerabilities have been addressed and integrated into the Detectify scanner for immediate use by all users.
Sep 06, 2018 468 words in the original blog post.