Lucene search
K

105 matches found

Wallarm Lab
Wallarm Lab
added 2018/10/05 3:38 a.m.64 views

Tools to address OWASP Top 10 Risks

In a recent article published by Security Boulevard. we talked about OWASP Top 10 Risk classification and overlap. In this post, we will look into the tools that may help address these risks. To understand what’s possible to cover with which protection mechanisms we can now color-code our OWASP...

6.7AI score
Exploits0
Information Security Automation
Information Security Automation
added 2018/05/24 2:33 p.m.80 views

Outpost24 Appsec Scale for Web Application Scanning

Today I would like to write about yet another Outpost24 product - cloud Web Application Scanner Appsec Scale. It is available in the same interface as Outpost24 Outscan, that I reviewed earlier. Select APPSEC SCALE in the start menu and you can scan web applications: New application If you don't...

0.2AI score
Exploits0
Prion
Prion
added 2018/01/08 10:29 p.m.14 views

Cross site request forgery (csrf)

Magento Community Edition and Enterprise Edition before 2.0.10 and 2.1.x before 2.1.2 have CSRF resulting in deletion of a customer address from an address book, aka APPSEC-1433...

5.8CVSS6.5AI score0.0043EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2017/12/30 9:29 p.m.13 views

Session fixation

Magento Community Edition and Enterprise Edition before 2.0.10 and 2.1.x before 2.1.2 have XSS via e-mail templates that are mishandled during a preview, aka APPSEC-1503...

4.3CVSS6AI score0.00637EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2017/12/30 9:29 p.m.16 views

CVE-2016-10704

Magento Community Edition and Enterprise Edition before 2.0.10 and 2.1.x before 2.1.2 have XSS via e-mail templates that are mishandled during a preview, aka APPSEC-1503...

6.1CVSS6.2AI score
Exploits0References1
CVE
CVE
added 2017/12/30 9:0 p.m.47 views

CVE-2016-10704

CVE-2016-10704 affects Magento Community Edition and Enterprise Edition before versions 2.0.10 (CE) and 2.1.x before 2.1.2. The issue is an XSS in email templates that is mishandled during preview (APPSEC-1503). Root cause: crafted input in email template preview can be reflected in rendered cont...

6.1CVSS5.9AI score0.00637EPSS
Exploits0References1Affected Software1
Wallarm Lab
Wallarm Lab
added 2017/09/05 5:19 p.m.46 views

Wallarm to sponsor OWASP AppSec USA

If you are a SecOps or DevOps professional you can not miss the application security event of the year: AppSec USA, September 19–22nd at Disney Coronado Spring Resort, Orlando, FL Use the code: UNLM50WLLRM to register to get $50 discount. You will get great information on the new security tools a...

6.7AI score
Exploits0
n0where
n0where
added 2017/01/30 5:13 a.m.30 views

Mobile Application Security Training Platform: Security Shepherd

The OWASP Security Shepherd project is a web and mobile application security training platform. Security Shepherd has been designed to foster and improve security awareness among a varied skill-set demographic. The aim of this project is to take AppSec novices or experienced engineers and sharpen...

8.2AI score
Exploits0References1
Kitploit
Kitploit
added 2015/05/09 7:14 p.m.47 views

Autorize - Automatic Authorization Enforcement Detection (Extension for Burp Suite)

Autorize is an automatic authorization enforcement detection extension for Burp Suite. It was written in Python by Barak Tawily, an application security expert at AppSec Labs. Autorize was designed to help security testers by performing automatic authorization tests. Installation 1. Download Burp...

7.1AI score
Exploits0References1
Kitploit
Kitploit
added 2015/02/12 10:23 p.m.33 views

AppUse - Android Pentest Platform Unified Standalone Environment

AppUse Virtual Machine, developed by AppSec Labs, is a unique and free system, a platform for mobile application security testing in the android environment, and it includes unique custom-made tools. Faster & More Powerful The system is a blessing to security teams, who from now on can easily...

7.3AI score
Exploits0
The Hacker News
The Hacker News
added 2014/12/12 3:41 a.m.11 views

Alibaba Marketplace Vulnerability Puts Millions Of Shoppers at Risk

Alibaba Group has patched a major security vulnerability in one of its e-commerce portals that exposed account details of tens of millions of Merchants and shoppers to cyber criminals. An Israeli application security firm, AppSec Labs, found a Cross site scripting XSS vulnerability in AliExpress,...

5.7AI score
Exploits0
0day.today
0day.today
added 2014/01/14 12:0 a.m.55 views

SoapUI 4.6.3 - Remote Code Execution Vulnerability

Exploit for windows platform in category remote exploits Exploit Title: SoapUI Remote Code Execution Date: 25.12.13 Exploit Author: Barak Tawily Vendor Homepage: http://www.soapui.org/ Software Link: http://www.soapui.org/Downloads/download-soapui-pro-trial.html Version: vulnerable before 4.6.4...

9.3CVSS6.5AI score0.07673EPSS
Exploits7
ThreatPost
ThreatPost
added 2013/11/21 1:26 p.m.19 views

Replacing Security Best Practices With Things That Work

NEW YORK–The term “best practices” is high on the list of overused and nearly meaningless phrases that get thrown around in the security field. It forms the basis for regulations such as HIPAA and PCI DSS and yet if you asked a random sample of 10 security people what the phrase meant, you’d like...

7AI score
Exploits0
Kitploit
Kitploit
added 2013/04/03 12:50 p.m.24 views

[AppUse] Android Pentest Platform Unified Standalone Environment

AppSec Labs recently developed the AppUse Virtual Machine. This system is a unique, free, platform for mobile application security testing in the android environment, and it includes unique custom-made tools created by AppSec Labs. There is no need for installation of simulators and testing tools...

7.4AI score
Exploits0
ThreatPost
ThreatPost
added 2013/01/11 7:17 p.m.15 views

Sybase Fixes Nine ASE Flaws

Enterprise software and services company Sybase has again patched holes in its Adaptive Server Enterprise ASE product, fixing a handful of database vulnerabilities that could have allowed a hacker to execute code and bypass security parameters on the company’s main database server product. As...

1.4AI score
Exploits0References4
ThreatPost
ThreatPost
added 2012/10/25 7:15 p.m.9 views

SAP's Sybase RDMS Patches Fail to Repair 10 Critical Vulnerabilities

Patches released this week by database and mobile management vendor Sybase did not completely repair serious privilege escalation and remote code execution vulnerabilities in versions 15.0.3 and later of its Adaptive Server Enterprise ASE product. Researchers at Application Security Inc., which...

0.3AI score
Exploits0References3
ThreatPost
ThreatPost
added 2012/05/07 2:0 p.m.10 views

A CISO's Guide To Application Security – Part 4: Weighing AppSec Technology Options

This post is the fourth in a 5-part series on Application Security, or “AppSec”. The series will define the components of a sound AppSec program, delineate the growing threats to software, weigh the costs of a data breach, and outline the CISO’s responsibility in managing software security risk...

7.3AI score
Exploits0References3
ThreatPost
ThreatPost
added 2012/04/30 2:8 p.m.11 views

A CISO's Guide To Application Security – Part 3: Toward an AppSec Center of Excellence

This post is the third in a 4-part series on Application Security, or “AppSec”. The series will define the components of a sound AppSec program, delineate the growing threats to software, weigh the costs of a data breach, and outline the CISO’s responsibility in managing software security risk...

Exploits0References6
ThreatPost
ThreatPost
added 2012/04/10 1:21 p.m.18 views

A CISO's Guide To Application Security – Part 1: Defining AppSec

Editor’s Note: This post is the first in a multi-part series on Application Security, or “AppSec” prepared by our friends over at application testing firm Veracode. The series will define the components of a sound AppSec program, delineate the growing threats to software, weigh the costs of a dat...

0.1AI score
Exploits0References12
ThreatPost
ThreatPost
added 2011/09/28 6:57 p.m.11 views

Behind the Numbers of Mozilla's Bug Bounty Program

Bug bounty programs have been around in various forms for more than 15 years now, and many of the larger software companies, including Mozilla and Google, have established rewards for people who report bugs. But, aside from the amount of money that’s paid out when bugs are fixed, there hasn’t bee...

6.7AI score
Exploits0References3
Rows per page
Query Builder