THE CENZIC BLOG
April 17, 2009

Cenzic Detects the IBM WebSphere Application Server XML Digital Signature Security Vulnerability

The IBM WebSphere Application Server XML Digital Signature Security Vulnerability is now detectable in the Cenzic Web Server SmartAttack.

As of April 17, 2009, Cenzic can detect the IBM WebSphere Application Server XML Digital Signature Security Vulnerability (Bugtraq ID 34506). This issue affects the XML Digital Signature Specification in the Web Services Security component and can expose sensitive information that helps attackers launch further attacks.

Cenzic also enhanced its Session ID Identification SmartAttack (Version 1.0.8), which now has extended support for custom names of session tokens and improved detection mechanisms. This update will also strengthen dependent SmartAttacks such as CSRF and Clickjacking.

Background on Cenzic’s SmartAttacks
Every week, Cenzic’s suite of products is updated with the latest vulnerabilities (custom, commercial, and open-source) to better detect "holes" in Web applications. These Web application vulnerabilities include (but are not limited to) cross-site scripting, buffer overflow, path or directory traversal, SQL injection, HTTP response splitting, and other workflow types.

by
Erin Swanson
ESwanson@cenzic.com
