Wouldn’t it be an easier life if we didn’t have to worry about the exploitation of vulnerabilities in solutions and software on which we have spent good time and resources? A world where correctly configured systems configured were left alone to perform their functions until they became redundant and/or needed replacing? It is a beautiful dream. Sadly, it’s also a highly unrealistic one.

There are times where an attacker can hack a system and yet nothing is sent back, and this is classified as a blind vulnerability. This article will explain blind vulnerability detection and how Detectify’s scanner detects them: If we simplify web hacking, it usually means that an attacker is sending some data from their computer to a server, the server processes the data and then sends something back to the attacker.

On 10 July 2019, Atlassian released a security advisory for a critical severity vulnerability in most versions of Jira Server and Jira Data Center. The vulnerability was introduced in version 4.4.0, released in 2011, and affects versions as recent as 8.2.2, released on 13 June 2019. The good news is that users of Jira Cloud are not affected. But how many organizations are running Jira Server or Jira Data Center, and are vulnerable to this attack?

As I discussed in the first blog in this series, the purpose of this series is to guide you on your journey up the Vulnerability Management Mountain (VMM). Like climbing a mountain, there is a lot of planning and work required, but when you get to the top, the view is amazing and well worth the journey. For the first phase, let’s start by planning the trip up Vulnerability Mountain. When you get ready to climb a mountain, you need gear, and you need to know what to ask for at the store.

We have written about Content Security Policy (CSP) on Detectify Labs before. But maybe you’re wondering why should you have it on your site to begin with? This article will explain why having one can prevent header exploits with attributes and common bypasses. CSP is a response header that instructs the web browser from what sources it is allowed to include and execute resources from.

If you are a security practitioner, then you may have noticed that much of the security industry exists because of vulnerabilities. Regardless of what job position you occupy, vulnerabilities are oftentimes the reason why you wake up every morning and ultimately engage infosec from within your cutting-edge working environment. Vulnerabilities will continue to arise; this is a fact of the environmental change that goes with any business or organization.

Vulnerability management is one of the core responsibilities of a security team. It covers assessing, reporting and if needed, mitigating on an organization’s security vulnerabilities. Yet vulnerabilities can be tackled with if and if only they are known to the IT security team. In order to find out vulnerabilities of a system or software, vulnerability scanning is conducted. It is a security technique whose purpose is identifying security weaknesses in a system.

When NIST (https://nvd.nist.go) announces a new CVE (Common Vulnerability and Exposure) that impacts Kubernetes, kube administrators and IT Security teams need to quickly understand the impact of the vulnerability and protect their Kubernetes clusters. Often, no patches are yet available, so in addition to understanding the impact, DevOps teams have to decide whether or not to create a custom fix to mitigate the risk of that CVE without bringing down the entire app or system.

According to CIS, “Organizations that do not scan for vulnerabilities and proactively address discovered flaws face a significant likelihood of having their computer systems compromised.” While vulnerability management (VM) isn’t new, I’ve seen it evolve a lot over my 22 years in the industry. Here are some big trends: The idea of an asset has changed and grown over the years. Back in the ‘90s, it was a PC or a server.

When I was younger, I played a variety of team sports and enjoyed competing against opponents with my teammates. Winning was always a matter of applying sound tactics and strategy, attacking and defending well and using a blend of skill, talent and luck. Now that I’m older, I watch more than I play, and I’m able to appreciate the many lessons team sports teach, especially at the professional level. With sports, we can tackle technical topics in a relatable way.