Home / Companies / Detectify / Blog / February 2019

February 2019 Summaries

3 posts from Detectify

Filter
Month: Year:
Post Summaries Back to Blog
Detectify consistently updates its security tool every two weeks with new findings, features, and improvements based on input from its security researchers and the Crowdsource ethical hacker community, although not all updates can be publicized due to confidentiality agreements. Recent updates to the Detectify scanner include tests for several security vulnerabilities, such as an open redirect issue in Oracle E-Business Suite, a cross-site scripting (XSS) vulnerability in the same suite, open access exposure in the old CruiseControl CI tool, a stack trace disclosure in FinalBuilder, an SQL injection vulnerability in the Joomla! jmultiplehotelreservation extension version 6.0.7 and below, and potential exposure risks in MongoDB due to insecure HTTP interface configurations.
Feb 21, 2019 239 words in the original blog post.
Detectify releases major security updates bi-weekly to keep its tool current with new findings, features, and improvements derived from its security researchers and the Crowdsource ethical hacker community, though confidentiality agreements limit the disclosure of specific updates. Recently, enhancements included addressing vulnerabilities such as the SQL injection in the Joomla! J-CruisePortal extension, misconfiguration risks in OPcache Status that could expose PHP instance information, and a reflective XSS vulnerability in the Hydra identity management tool, with detailed information and patches provided through external links for further technical insight.
Feb 07, 2019 209 words in the original blog post.
In collaboration with Malwarebytes, this article offers web browsing security tips for both workplace users and web developers, focusing on the implementation of response HTTP-headers to enhance browser security. Key headers discussed include X-Content-Type-Options to prevent MIME sniffing, X-XSS-Protection for enabling cross-site scripting filters, and Set-Cookie attributes such as HttpOnly, Secure, and SameSite to safeguard cookies against various attacks. Additionally, it highlights the importance of the Clear-Site-Data header for clearing user data upon logout, the Referrer-Policy for managing Referer header data, and the Content-Security-Policy for controlling resource handling to reduce attack surfaces. The article also suggests using tools like Detectify for automated vulnerability scanning to ensure secure header implementation, while encouraging users to explore Malwarebytes' recommendations for safe internet browsing practices.
Feb 05, 2019 1,202 words in the original blog post.