What's New | Cenzic Security Blog

PHP 5 'posix_access()' Function 'safe_mode' Bypass Directory Traversal Vulnerability

Fri, 05 Sep 2008 20:44:57 -0400

Cenzic provides enhanced support for PHP 5 'posix_access()' Function 'safe_mode' Bypass Directory Traversal Vulnerability

Cenzic’s SmartAttack arsenal now has enhanced support for PHP 5 'posix_access()' Function 'safe_mode' Bypass Directory Traversal Vulnerability (BugtraqID 29797).

To learn more details on how you can automatically update your Cenzic Hailstorm product, visit our Website.

Background on Cenzic’s SmartAttacks
Every week, Cenzic’s suite of products is updated with the latest vulnerabilities (custom, commercial, and open-source) to use when it emulates a hacker and attacks our customer’s Websites to detect their security posture. These Web application vulnerabilities include (but not limited to) cross site scripting, buffer overflow, path or directory traversal, SQL injection, HTTP response splitting, and other workflow types.

by
Erin Swanson
ESwanson@cenzic.com

Visit Cenzic Booth #303 at the Forrester Security Forum

Wed, 03 Sep 2008 15:53:39 -0400

Attending this week’s Forrester Security Forum in Boston? Then visit Cenzic booth #303.

If you are in Boston during September 4-5 and are attending Forrester’s Security Summit at the Westin Waterfront Hotel, then stop by the Cenzic booth (#303) for a chance to meet with analysts and audience members. Forrester expects 250-300 people to attend tomorrow’s event. And one of our favorite analysts, Chenxi Wang, Ph.D. will be speaking.

Here’s a summary of the Forrester event:

Conquer today's most difficult security threats. Learn how to manage risk as technologies such as Web 2.0, mobile computing, and virtualization disrupt standard security models.
Gain influence at the executive level. Develop processes that consistently align with business priorities and deliver measurable results.
Build operational risk, security, and compliance excellence. Meet current challenges and prepare for next-generation security threats by focusing on operational excellence.

by
Angel Oberoi
AOberoi@cenzic.com

Apache Tomcat 'HttpServletResponse.sendError()' Cross-Site Scripting Vulnerability

Fri, 29 Aug 2008 15:38:34 -0400

Cenzic provides enhanced support for Apache Tomcat 'HttpServletResponse.sendError()' Cross-Site Scripting Vulnerability

Cenzic’s SmartAttack arsenal now has enhanced support for Apache Tomcat 'HttpServletResponse.sendError()' Cross-Site Scripting Vulnerability (BugtraqID 30496).

By the way, this vulnerability marks a brand new SmartAttack that Cenzic now supports: LDAP Exception.

To learn more details on how you can automatically update your Cenzic Hailstorm product, visit our Website.

Have a great Labor Day Weekend, everyone!

by
Erin Swanson
ESwanson@cenzic.com

IDC White Paper on Application Security: No Room for False Positives

Fri, 29 Aug 2008 14:34:40 -0400

Read white paper from IDC on the high costs of false positives in application security scanners

Get this informative white paper from IDC to see how false positives in application security scanners can costs organizations up to $25,000 for each application. And that doesn’t include the worse outcome. When companies realize their products are yielding wildly inaccurate results, they usually discard Web application testing altogether. And when that happens, the actual cost is immeasurable when a breach occurs.

I’m busy placing this white paper behind our usual Web registration form, but as a faithful Cenzic blog reader, you can get it by a simple email request. I look forward to hearing from you.

by
Erin Swanson
Eswanson@cenzic.com

Application Security: Free Software & Evals from Cenzic

Wed, 27 Aug 2008 21:13:15 -0400

Looking to secure your applications? Request an evaluation or get free software from Cenzic.

Secure your Web applications against Hacker attacks with Cenzic’s risk management solutions. We go beyond signature-based technology to automatically find more *real* vulnerabilities fast.

We’ve provided you with 4 free options to prove to you how quick and easy it is to protect your applications. Request an evaluation of our enterprise or professional products or download our Core and Starter products. See the comparisons below.

So take our products for a test drive – what do you have to lose?

by
Erin Swanson
ESwanson@cenzic.com

	Hailstorm® Enterprise ARC™	Hailstorm® Professional	Hailstorm® Core	Hailstorm® Starter
Shared Database	Yes	No (desktop only)	No (desktop only)	No (desktop only)
Dashboard	Full	Partial	No	No
SmartAttacks	Complete	Complete	Limited: 5 attacks	Limited: 1 attack
Web UI	Yes	No	No	No
Available for re-sale	Yes	Yes	No	No
User Admin	Yes	Yes	No	No
SmartAttack™ Editor (editing capabilities)	Yes	Yes	No	No
	Request Evaluation	Request Evaluation	Download	Download

Win Love in Rusia

Tue, 26 Aug 2008 09:47:51 -0400

Russian hackers attack Georgian servers

This was the cryptic message found in HTTP, SYN, and ICMP floods against Georgian servers: "Win+love+in+Rusia." While I won’t comment in detail about the cyber attacks I will say that at face value something seems wrong with that message. Russia is misspelled. With at least a correlation between the attacks and RBN owned addresses, clearly the attackers I believe know how to spell the name "Russia." So I put the string through an anagram generator and got some interesting results, namely, "Rival Wise Union."

Am I 100% sure that this was a secret message embedded within the attacks? No. But it’s an interesting data point to be sure.

by
Tom Stracener
Tom@cenzic.com

Apache Tomcat UTF-8 Directory Traversal Vulnerability

Fri, 22 Aug 2008 15:04:48 -0400

Cenzic provides enhanced support for Apache Tomcat UTF-8 Traversal vulnerability

Cenzic’s SmartAttack arsenal now has enhanced support for Apache Tomcat UTF-8 Directory Traversal vulnerability (BugtraqID 30633).

To learn more details on how you can automatically update your Cenzic Hailstorm product, visit our Website.

Background on Cenzic’s SmartAttacks
Every week, Cenzic’s suite of product is updated with the latest vulnerabilities (custom, commercial, and open-source) to use when it emulates a hacker and attacks our customer’s Websites to detect their security posture. These Web application vulnerabilities include (but not limited to) cross site scripting, buffer overflow, path or directory traversal, SQL injection, HTTP response splitting, and other workflow types.

by
Erin Swanson
ESwanson@cenzic.com

Q2 2008 Trends Report from Cenzic

Wed, 20 Aug 2008 22:31:10 -0400

Web application security trends report for Q2 2008 from Cenzic

Cenzic, the leading Web application security provider, released their Q2 2008 Trends Report on August 25.

Here’s a summary of what the report entails.

Cenzic analyzed reported information for April 2008 through June 2008 from vulnerability sources such as SecurityFocus, CVE, SANS, USCERT, SecurityTracker, and other third party databases and found these top 10 vulnerabilities listed below. Among the top 10 issues, the usual suspects like Adobe, IBM, Sun, and QuickTime show the most vulnerabilities.

Top 10 Vulnerabilities for Q2 2008

Adobe Flash Player cross-site request forgery vulnerability
Adobe Flash Player DeclareFunction2 arbitrary code execution
Bugzilla Cross-Site Scripting Vulnerability via ‘id’ parameter
QuickTime Heap Overflow in PICT file processing lets remote attackers execute arbitrary code
IBM Lotus Domino HTTP header buffer overflow
Sun Java System Web Server Cross-Site Scripting
Quicktime AAC-Encoded media handling bug lets remote attackers execute arbitrary code.
IBM Workspace vulnerabilities allow a remote attacker to conduct Cross-Site Scripting and Cross-Site Request Forgery.
Adobe Acrobat and Adobe Reader arbitrary code execution.
Sun Java System Access Manager allows remote code execution via malformed XML Signature

by
Erin Swanson
Eswanson@cenzic.com

Cross-Site Scripting v Blind SQL Injection: What’s More Harmful?

Tue, 19 Aug 2008 19:12:59 -0400

In the battle of vulnerabilities, Cross-Site Scripting beats Blind SQL Injection every time

The most common question we get from customers and prospects alike is, “Why does Cross-Site Scripting beat Blind SQL Injection?” In the the battle of vulnerabilities, Cross-Site Scripting will outweigh a gruesome database manipulation every time.

As the person who created Cenzic’s HARM (Hailstorm Application Risk Metric) scoring system, let me start with the short answer: Cross-Site Scripting is a vulnerability that you can do more with because it gives you more choices. You can spoof a form and steal login credentials; you can redirect the browser and trojan the browser or rootkit the machine; you can create a little iframe and steal information from the page; you can steal a session cookie and take over a user's session; and if you are really feeling lucky, you can redirect the user thorugh a reverse proxy and exploit a browser flaw to rewrite the address bar and slurp all the tasty details of their session. Simply put: it presents more attack vectors. Oh, and with a script source tag you can hijack the browser and create a browser zombie. Quantify that.

I just created a white paper for all Cenzic customers on how I designed the Cenzic HARM scoring system, including algorithms and impact area weighting. Nice and technical.

So if you are a Cenzic customer, speak to Erin Swanson in Marketing (ESwanson@cenzic.com) and provide her with your full contact information (including work email) and she’ll give you a copy.

by
Tom Stracener
Tom@cenzic.com

Apache Tomcat SingleSignOn Remote Information Disclosure Vulnerability

Fri, 15 Aug 2008 20:39:06 -0400

Cenzic provides enhanced support for Apache Tomcat SingleSignOn remote information disclosure vulnerability

Cenzic’s SmartAttack arsenal now has enhanced support for Apache Tomcat SingleSignOn remote information disclosure vulnerability (BugtraqID 27365).

To learn more details on how you can automatically update your Cenzic Hailstorm product, visit our Website.

Background on Cenzic’s SmartAttacks
Every week, Cenzic’s suite of product is updated with the latest vulnerabilities (custom, commercial, and open-source) to use when it emulates a hacker and attacks our customer’s websites to detect their security posture. These Web application vulnerabilities include (but not limited to) cross site scripting, buffer overflow, path or directory traversal, SQL injection, HTTP response splitting, and other workflow types.

by
Erin Swanson
ESwanson@cenzic.com

BlackHat Vegas 2008 Capsule

Fri, 15 Aug 2008 20:18:52 -0400

Summary of the recently held BlackHat event in Vegas

We had another successful BlackHat event this year - the Caesars Hotel hosted over 5,000 attendees and a tons of sessions. The event keeps growing in popularity and organizers do a decent job of keeping everything under control.

Like last year, I didn't get a chance to attend too many sessions since most of my time was spent networking and talking to people which is usually more interesting anyway. Some people commented to me that a lot of the sessions were similar to last year and there wasn't a lot of new content. We can't be running out of content!

I did get a chance to attend the "Get Rich or Try Dying" session by Jeremiah Grossman and Trey Ford and "Google Gadget Security" by Tom Stracener of Cenzic and RSnake. Both of these sessions were very well attended with standing room only and were very interesting.

The speaker party on Tuesday night (sponsored by Cenzic and Google) was very successful. We had over 300 attendees on the rooftop Penthouse suite. After a few drinks, people even braved the 100 degrees temperature with high humidity. I guess it goes with the territory -- when you are in the security world, you have to brave situations tougher than 100 degrees.

Based on all my conversations, one revelation for me was that there are still a lot of companies who aren't doing anything for application security. In fact, of the 200+ people I talked to, over two-thirds of them are starting to look at app security now and are hoping to have something in place by the end of the year.

That means both bad and good news.

Bad news is that there are still millions of applications vulnerable and ripe for hackers. Good news is that a lot of companies are starting to take steps toward securing their applications. Whether it's driven by PCI or brand protection, we'll take good intentions in any shape or form. Hopefully by next BlackHat, we'll be talking to people who have secured their apps and are talking about wireless or some other security issues.

by
Mandeep Khera
Chief Marketing Officer
Cenzic, Inc.

Got HP SPI Dynamics? Consider Cenzic.

Thu, 14 Aug 2008 22:28:29 -0400

20/20 program for all HP SPI Dynamics customers to switch to Cenzic Hailstorm

If you are currently using HP SPI Dynamics for your Web application security needs, Cenzic is has a special 20/20 program!

We are so confident in our Web application security product (Cenzic Hailstorm) that we can guarantee finding 20% more “real” vulnerabilities and render at least 20% less false positives than HP SPI Dynamics.

If we live up to this challenge, we’ll give you a credit of 50% off your original SPI purchase (up to $20,000) towards your new Cenzic Hailstorm solution.

If we don’t, then you’ll receive a complimentary Cenzic Hailstorm solution (at no charge) for one person for one full year.

Either way you win and get better vision into real Web application security.

So what are you waiting for? Fill in the Web registration form to get Cenzic’s superior product today. The longer you wait, the more susceptible you are to a hacker attack.

by
Erin Swanson
ESwanson@cenzic.com

Cross-Site Scripting Vulnerability for Apache ‘mod_proxy_ftp’ Wildcard Characters

Thu, 14 Aug 2008 21:24:40 -0400

Cenzic provides enhanced support for cross-site scripting vulnerability

Cenzic’s SmartAttack arsenal now has enhanced support for Apache 'mod_proxy_ftp' Wildcard Characters Cross-Site Scripting Vulnerability (BugtraqID 30560).

To learn more details on how you can automatically update your Cenzic Hailstorm product, visit our Website.

Background on Cenzic’s SmartAttacks
Every week, Cenzic’s suite of product is updated with the latest vulnerabilities (custom, commercial, and open-source) to use when it emulates a hacker and attacks our customer’s websites to detect their security posture. These Web application vulnerabilities include (but not limited to) cross site scripting, buffer overflow, path or directory traversal, SQL injection, HTTP response splitting, and other workflow types.

by
Erin Swanson
ESwanson@cenzic.com

Get Application Security for $1500 from Cenzic

Mon, 04 Aug 2008 17:03:41 -0400

Get application security for $1500 using Cenzic Hailstorm Core

If you want to have a great way to test your Web application security, then fill out the Web form to purchase our Cenzic Hailstorm Core product for $1500. It’s a great price for a single-user, Windows application that gives you a glimpse of the power of our Hailstorm product suite. Core utilizes 5 different SmartAttack modules that assess your applications for common vulnerabilities. These attacks include:

Cross site scripting
SQL error message
Application exception
Cookie vulnerabilities
Web server vulnerabilities

So fill out the Web form now to receive an email with the link to download the product as well as the license key. You’ll be able to start assessing your applications right away.

by
Jon Zucker, Product Management
JZucker@cenzic.com

Web Server Vulnerability

Mon, 04 Aug 2008 16:43:12 -0400

Cenzic provides enhanced support for Web server vulnerabilities

Cenzic’s SmartAttack arsenal now has enhanced support for Sun Java System Web Server Unauthorized Access Vulnerability (BugtraqID 22993) that includes updates to our Form Caching, Weak Password, and Web Server Vulnerability SmartAttacks.

To learn more details on how you can automatically update your Cenzic Hailstorm product, visit our Website.

Background on Cenzic’s SmartAttacks
Every week, Cenzic’s suite of product is updated with the latest vulnerabilities (custom, commercial, and open-source) to use when it emulates a hacker and attacks our customer’s websites to detect their security posture. These Web application vulnerabilities include (but not limited to) cross site scripting, buffer overflow, path or directory traversal, SQL injection, HTTP response splitting, and other workflow types.

by
Erin Swanson
ESwanson@cenzic.com

What's New | Cenzic Security Blog

PHP 5 'posix_access()' Function 'safe_mode' Bypass Directory Traversal Vulnerability

See Also

Visit Cenzic Booth #303 at the Forrester Security Forum

See Also

Apache Tomcat 'HttpServletResponse.sendError()' Cross-Site Scripting Vulnerability

See Also

IDC White Paper on Application Security: No Room for False Positives

Application Security: Free Software & Evals from Cenzic

Win Love in Rusia

See Also

Apache Tomcat UTF-8 Directory Traversal Vulnerability

See Also

Q2 2008 Trends Report from Cenzic

See Also

Cross-Site Scripting v Blind SQL Injection: What’s More Harmful?

Apache Tomcat SingleSignOn Remote Information Disclosure Vulnerability

See Also

BlackHat Vegas 2008 Capsule

Got HP SPI Dynamics? Consider Cenzic.

See Also

Cross-Site Scripting Vulnerability for Apache ‘mod_proxy_ftp’ Wildcard Characters

See Also

Get Application Security for $1500 from Cenzic

See Also

Web Server Vulnerability

See Also