Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Vulnerability

What is a vulnerability management program and should your business have one?

The rapid rate of change in attack methods and techniques in today’s cybersecurity landscape has made the keeping of an environment secure increasingly more difficult, causing many to fall into a dangerous state of simply reacting to current threats.

What's the Difference Between Penetration Testing and Vulnerability Scanning?

Is your network secure from outside attacks? What steps is your organization taking to keep its intellectual property and client data safe? Penetration and vulnerability scanning are two tools that can help identify gaps in your network security. In this article, we’ll look at how you can use these tools to evaluate your companies risk factors and whether penetration testing or vulnerability scanning is the right solution for you.

Top 10 Most Critical CVEs Added in 2020

Our global community of hand-picked Detectify Crowdsource ethical hackers are the reason we are able to automate security research so quickly to protect web applications from attack. This past year, we received a record 1300+ submissions from the community including over 180 zero-day vulnerabilities! Every module and security test we build from these hacker-submitted vulnerabilities helps us make the internet more secure.

Detect CVE-2020-8554 using Falco

CVE-2020-8554 is a vulnerability that particularly affects multi-tenant Kubernetes clusters. If a potential attacker can create or edit services and pods, then they may be able to intercept traffic from other pods or nodes in the cluster. An attacker that is able to create a ClusterIP service and set the spec.externalIPs field can intercept traffic to that IP. In addition, an attacker that can patch the status of a LoadBalancer service can set the status.loadBalancer.ingress.ip to similar effect.

Web Application Security Testing Tools - SWAT Findings

The Secure Web Application Tactics (SWAT) by Outpost24 offers customers a combination of state-of-the-art scanning tools and security experts to provide the most accurate and reliable web application scanning solution available in the market. SWAT does not interfere with daily operations and delivers results with zero false-positives.

Web Application Security Testing Tools - SWAT Reporting

The Secure Web Application Tactics (SWAT) by Outpost24 offers customers a combination of state-of-the-art scanning tools and security experts to provide the most accurate and reliable web application scanning solution available in the market. SWAT does not interfere with daily operations and delivers results with zero false-positives.

New Vulnerability Exposes Kubernetes to Man-in-the-Middle Attacks: How to Mitigate CVE-2020-8554

A few weeks ago a solution engineer discovered a critical flaw in Kubernetes architecture and design, and announced that a “security issue was discovered with Kubernetes affecting multi-tenant clusters. If a potential attacker can already create or edit services and pods, then they may be able to intercept traffic from other pods (or nodes) in the cluster.” If a hostile user can create a ClusterIP service and set the spec.externalIP field, they can intercept traffic to that IP.

How attackers exploit the WordPress Easy-WP-SMTP zero-day

On November 6th, 2019, Detectify added security tests for 50+ of the most popular WordPress plugins, including Easy-WP-SMTP. Although the zero-day affecting Easy-WP-SMTP (CVE-2020-35234) was recently patched, WordPress estimates that many of the 500,000+ active installs of the plugin remain unpatched. Detectify scans your applications for this vulnerability and alerts you if you are running a vulnerable version of WordPress and WordPress plugins.