August 2, 2024 at 07:00AM Enterprise Resource Planning (ERP) Software, including the open-source framework OFBiz, faces critical security vulnerabilities, as demonstrated by the exploitation of a directory traversal flaw. The SANS Internet Storm Center reported an increase in exploit attempts, with attackers targeting OFBiz using the Mirai botnet. The vulnerabilities pose a threat to sensitive … Read more
April 2, 2024 at 07:09AM The OWASP Foundation announced a data breach revealing personal information of aspiring members from over a decade ago. The breach exposed names, addresses, phone numbers, and emails of members, prompting the organization to take security measures, notify impacted individuals, and caution the public. While the exposed data is old, caution … Read more
December 18, 2023 at 05:43PM An unpatched Java deserialization vulnerability in the Google Web Toolkit (GWT) open source application framework remains unresolved after over eight years. This flaw, which enables remote code execution, could potentially require significant framework fixes for vulnerable applications. According to research by Bishop Fox, addressing this issue may necessitate architectural changes … Read more
December 11, 2023 at 07:48AM The Apache Software Foundation released security updates addressing a critical file upload vulnerability in Struts 2, which could be exploited to execute arbitrary code remotely. Tracked as CVE-2023-50164, the flaw impacts Struts versions 2.0.0 to 2.3.37, 2.5.0 to 2.5.32, and 6.0.0 to 6.3.0. The vulnerability was patched in Struts versions … Read more
November 15, 2023 at 10:04AM The text discusses the significance of web application security and introduces the OWASP Top 10, which is a comprehensive resource highlighting the most critical security risks to web applications. The latest edition of the OWASP Top 10 is presented, along with testing strategies for each risk. Regular web application security … Read more
November 7, 2023 at 07:36AM The OPSWAT 2023 Web Application Security report reveals that while 75% of organizations have modernized their infrastructure and 78% have increased their security budgets, only 2% are confident in their security posture. The shift to cloud-based and containerized web applications presents new security challenges, particularly in file upload security. The … Read more