Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Indusface

indusface

Critical Apache OFBiz Zero-day AuthBiz (CVE-2023-49070 and CVE-2023-51467)

Jan 16, 2024 By Meerjada Altamas In Indusface
Cybersecurity researchers recently uncovered a critical flaw in the widely used Apache OFBiz Enterprise Resource Planning (ERP) system, CVE-2023-51467. The zero-day vulnerability CVE-2023-51467 poses a significant threat, boasting a CVSS score of 9.8. This authentication bypass vulnerability stems from an incomplete patch for a previously disclosed Pre-auth Remote Code Execution (RCE) vulnerability, CVE-2023-49070.
Read Post

Indusface WAS URL Verification - HTML File Upload Method

Jan 8, 2024 By Indusface In Indusface
Verifying the ownership of your URL is crucial when adding a new website to Indusface WAS. In order to conduct a vulnerability scan on your website or app, confirming ownership of the site or domain is essential to prevent unauthorized access. For URL Verification on Indusface WAS, you can use any of the below methods: Learn how to verify your URL ownership using the HTML File Upload method in this method.
View Video
indusface

5 Website Security Threats and How to Prevent Them

Jan 5, 2024 By Vinugayathri Chinnasamy In Indusface
With an average cost of USD 4.45 million for data breaches, the gravity of website security threats cannot be overstated. These attacks result in financial losses due to customer attrition, downtime, and disruptions and undermine customer trust. The rising numbers, increasing scale, sophistication, and impact of website security threats underline the necessity for proactive prevention measures. This article delves into 5 of the most common threats today and ways to prevent them.
Read Post

Indusface WAS URL Verification - Email Method

Dec 22, 2023 By Indusface In Indusface
URL verification on Indusface WAS via email verification link: Verifying ownership is crucial when adding a new website to Indusface WAS. You would not be allowed to scan a website without the appropriate authorization from the owner. In order to perform a URL Verification on Indusface WAS, you may use this simple email verification method and start scanning your website right away.
View Video

Indusface WAS URL Verification - Metatag Method

Dec 22, 2023 By Indusface In Indusface
Verifying ownership is crucial when adding a new website to Indusface WAS. Before conducting a vulnerability scan on your website or app, confirming ownership of the application or domain is essential to prevent unauthorized access. For URL Verification on Indusface WAS, you can use any of the below methods: Learn how to verify your URL ownership using the Meta Tag method. This method provides a secure and efficient way to gain authorization before initiating scanning activities.
View Video
indusface

Apache Struts 2 Vulnerability CVE-2023-50164 Exposed

Dec 21, 2023 By Mohammed Ansari In Indusface
On December 7th, 2023, the Apache Struts project disclosed a significant vulnerability, CVE-2023-50164, in its Struts 2 open-source web framework. Rated at a critical CVSS score of 9.8, this flaw resides within the framework’s file upload logic. Exploiting this vulnerability empowers attackers to manipulate upload parameters, potentially leading to arbitrary file upload and, under specific conditions, code execution.
Read Post
indusface

LLMs, Quantum Computing, and the Top Challenges for CISOs in 2024

Dec 18, 2023 By Vinugayathri Chinnasamy In Indusface
Amidst the ongoing surge in cyber threats, CISOs are encountering increasing challenges in their responsibilities. During a recent CISO Panel Discussion on Application Security hosted by our CEO, Ashish Tandan, CISOs Kiran Belsekar from Aegon Life and Manoj Srivastava from Future Generali expressed concerns about managing security postures and shared actionable strategies to tackle evolving threats.
Read Post
indusface

Understanding the Zimbra Cross-Site Scripting Flaw (CVE-2023-37580)

Dec 18, 2023 By Pavan Bushan Reddy In Indusface
On November 16, 2023, Google’s Threat Analysis Group revealed an alarming vulnerability in Zimbra Collaboration—a reflected cross-site scripting (XSS) vulnerability assigned CVE-2023-37580. The Zimbra Collaboration Suite (ZCS) is a software platform that combines email, calendar, contacts, file sharing, and other collaboration tools into a single integrated package. The CVE-2023-37580 allows an attacker to inject a malicious script directly into the URL parameter.
Read Post
indusface

How to Prevent SQL Injection Attacks?

Dec 7, 2023 By Venkatesh Sundar In Indusface
Are you aware of the increasing threat of SQL injection vulnerabilities?In Q4 2022, AppTrana stopped 1,111,548 of these attacks. With over a million SQL injection attacks blocked in just three months, it’s clear that web applications are under siege. How to stay ahead of the game and protect your business now? Here is a guide to understanding this OWASP top 10 vulnerability and how to prevent SQL injection attacks.
Read Post

Live API Attack Simulation

Nov 29, 2023 By Indusface In Indusface
“We have an API gateway, and the strong authentication & authorization keeps us secure.” This notion could cost you a databreach, a compliance fine or even application downtime that may erode customer trust. In this webinar, Karthik Krishnamoorthy, CTO and Vivekanand Gopalan, VP of Products at Indusface demonstrate how APIs could be hacked.
View Video

Copyright © 2024 OpsMatters™. All rights reserved.