vulnerability

Review: Typhon

Review: Typhon

NGS Software Typhon is more of a traditional network vulnerability assessment tool with some application intelligence built in. The utility was able to locate FTP-based vulnerabilities on our test system, but had difficulties with web assessment.
Patrick Love, Head of Fiduciary Support, Global Wealth Sol Sep 24 2007 12:00AM Security
Review: Fortify Source Code Analysis

Review: Fortify Source Code Analysis

The Fortify offering is a software-based solution which is also a CASE (computer aided software engineering) utility. Any source code can be reviewed with the Source Code Analysis (SCA) suite.
Patrick Love, Head of Fiduciary Support, Global Wealth Sol Sep 13 2007 4:44PM Security
Review: AppDetectivePro

Review: AppDetectivePro

AppDetectivePro primarily looks for security holes inside of a number of popular database servers. The user interface makes it easy to determine which steps of the scan should be performed next.
Patrick Love, Head of Fiduciary Support, Global Wealth Sol Sep 13 2007 4:43PM Security
JavaScript hijacking - a new vulnerability

JavaScript hijacking - a new vulnerability

A new vulnerability, termed JavaScript hijacking, was recently identified that specifically affects the rich, interactive interfaces typically associated with Ajax and Web 2.0 applications.
Jacob West, Sep 13 2007 7:19AM Security
Hot or not: The Forum of Incident Response and Security Teams (FIRST) unveils updated common vulnerability scoring system

Hot or not: The Forum of Incident Response and Security Teams (FIRST) unveils updated common vulnerability scoring system

The new scoring system promises to make it easier for security managers and the IT industry to better measure the real-world risks associated with software flaws.
Amol Sarwate, Sep 11 2007 3:03PM Security
UN AIDS site target of new 'vulnerability scan' attack

UN AIDS site target of new 'vulnerability scan' attack

Hackers compromise a United Nations’ Asia Pacific AIDS information site using an emerging malicious technique which scans for multiple vulnerabilities.
Negar Salek Aug 29 2007 9:57AM Security
Review: AppDetective

Review: AppDetective

AppDetective primarily looks for security holes inside of a number of popular database servers. The user interface makes it easy to determine which steps of the scan should be performed next.
Patrick Love, Head of Fiduciary Support, Global Wealth Sol Aug 27 2007 1:57PM Security
Review: Source Code Analysis Suite

Review: Source Code Analysis Suite

The Fortify offering is a software-based solution which is also a CASE (computer aided software engineering) utility.
Patrick Love, Head of Fiduciary Support, Global Wealth Sol Aug 20 2007 8:00AM Security
Review: AppScan 7.5

Review: AppScan 7.5

Watchfire AppScan is a software-based offering, which runs from the Windows platform. You may remember earlier versions of AppScan that required a Linux-based server and were configured and run through a web browser.
Patrick Love, Head of Fiduciary Support, Global Wealth Sol Aug 1 2007 12:00AM Security
ActiveX vulnerability hits Yahoo Widgets

ActiveX vulnerability hits Yahoo Widgets

Researchers at security research firm Secunia have revealed a "highly critical" security vulnerability in Yahoo's desktop Widgets. Widgets are software plug-ins that allow delivering a variety of information - weather reports, sports scores, and music - to users' computer desktops.
Jim Carr Jul 30 2007 8:35AM Security
Mozilla says URL protocol handling vulnerability is a Firefox issue

Mozilla says URL protocol handling vulnerability is a Firefox issue

Mozilla's chief security guru on Monday issued a mea culpa for her company's handing of a URL protocol handing flaw that was believed to only be exploitable from Internet Explorer (IE).
Frank Washkuch Jul 25 2007 9:52AM Security
Mozilla distributes eight patches; blames Microsoft for vulnerability

Mozilla distributes eight patches; blames Microsoft for vulnerability

Mozilla on Tuesday released eight patches - three of them deemed "critical" - in its Firefox 2.0.0.5 release, as the company's chief security official chided Microsoft for failing to protect users from an Internet Explorer bug.
Frank Washkuch Jul 19 2007 10:11AM Security
eBay-like marketplace for vulnerability exchange opens

eBay-like marketplace for vulnerability exchange opens

A Switzerland-based company this week launched an eBay-like marketplace for buying and selling zero-day software vulnerabilities.
Dan Kaplan Jul 9 2007 9:49AM Security
HP ventures into vulnerability assessment

HP ventures into vulnerability assessment

GLOBAL - SPI Dynamics buy adds security scanning to application life cycle offering.
Tom Sanders Jun 21 2007 5:58PM Security
HP ventures into vulnerability assessment

HP ventures into vulnerability assessment

UK - Spi Dynamics aquisition adds security scanning to application life cycle
offering.
Tom Sanders Jun 20 2007 5:30PM Security
Review: Core Impact 6.0

Review: Core Impact 6.0

Impact 6.0 from Core Security is a pure penetration testing tool. It is optimised for production use and comes with a suite of pre-programmed exploits. The support agreement provides regular updates with new exploits. Users can write their own exploits and can add to existing ones in the library. Impact can perform pre-configured scenarios or individual exploits.
Peter Stephenson,CeRNS, May 15 2007 12:00AM Security
Review: NetClarity Branch Auditor 5.0

Review: NetClarity Branch Auditor 5.0

Last year we reviewed NetClarity’s Enterprise Auditor product and we liked it a lot. This year we looked at its little sibling, the Branch Auditor. We were amazed at the power of this little handful of an appliance.
Peter Stephenson,CeRNS, May 15 2007 12:00AM Security
Cisco warns of NetFlow vulnerability

Cisco warns of NetFlow vulnerability

Cisco's IP traffic-collection software contains a vulnerability that can provide attackers with unauthorised access and grant them full administrative control to an operating system, the networking giant reported in an advisory.
Dan Kaplan Apr 30 2007 9:44AM Security
QuickTime vulnerability expands to IE

QuickTime vulnerability expands to IE

A QuickTime vulnerability unearthed last Friday also infects Microsoft's Internet Explorer browser.
Shaun Nichols Apr 26 2007 1:00PM Security
Microsoft suffers DNS vulnerability attacks

Microsoft suffers DNS vulnerability attacks

Microsoft confirmed yesterday that it has uncovered targeted attacks exploiting a new vulnerability in the Windows Server DNS Service.
Staff Writers Apr 16 2007 12:26PM Security

Log In

  |  Forgot your password?