THE CENZIC BLOG
March 30, 2009

Cenzic Updates 5 SmartAttacks for Improved Web Application Security

With updates to 5 of its SmartAttacks, Cenzic provides even more robust Web application security

On March 27, 2009, Cenzic updated many of its SmartAttacks to ensure the most robust protection against hacker attacks in the Web application security market.  Read details below.

  1. Web Server Configuration SmartAttack:  Cenzic now protects against the PHP 'proc_open()' Environment Parameter Safe Mode Restriction-Bypass Vulnerability (BugtraqID 32717).
    PHP is prone to a 'safe_mode' restriction-bypass vulnerability.  Successful exploits could allow an attacker to bypass some safe-mode restrictions.
  2. Parameter Addition (Version 1.0.4)
    Enables Hailstorm users to control the number of injections performed by each Fault Injector SmartAttack on specific fields in the Web application.
  3. LDAP Exception (Version 1.0.2)
    Same as above
  4. LDAP Injection (Version 1.0.8)
    Same as above
  5. Cross-Frame Scripting (Version 1.2.5)
    This SmartAttack has been improved for robustness, efficiency, accuracy and customization ability.

Background on Cenzic’s SmartAttacks
Every week, Cenzic’s suite of products is updated with the latest vulnerabilities (custom, commercial, and open-source) to use when it emulates a hacker and attacks our customers’ Websites to assess their security posture. These Web application vulnerabilities include (but are not limited to) cross-site scripting, buffer overflow, path or directory traversal, SQL injection, HTTP response splitting, and other workflow types.

by
Erin Swanson
Eswanson@cenzic.com

