 |
Watchfire Researchers Teach An Old Bug New Tricks (Channel Web Network, August 2, 2007)
At a conference like the Black Hat Briefings, it's not all that unusual to see someone demonstrate an attack that exploits a software bug to take over a system remotely. Attendees sit up and take notice, however, when the attack uses a new method that can be used against other applications, or it exploits a particularly common bug, or the bug was previously not considered a significant security risk. |
 |
Three New Classes of Vulnerabilities with No Cure Whatsoever (eWeek Security Watch, August 1, 2007)
I just sat down with Danny Allan, director of security research at Web application security company Watchfire, and he summed it up: For the first time in years, people are walking out of Black Hat presentations shaking their heads, having learned about new classes of vulnerabilities for which there's simply no solution. |
 |
Firm finds new danger in dangling pointers (SecurityFocus, July 25, 2007)
In December 2005, technology consultant Inge Henriksen announced he had found a flaw in Microsoft's flagship Web server platform, Internet Information Server (IIS) 5.1. Yet, because the vulnerability appeared impossible to exploit, Microsoft put off patching the issue. |
 |
'Dangling pointers' more dangerous than thought, says security vendor (Computerworld, July 23, 2007)
An issue largely ignored because the security risk was deemed only theoretical might soon become a significant and dangerous security risk, according to Web application security vendor Watchfire Inc. |
 |
Pointing to Danger (darkReading, July 23, 2007)
A bit of commonly ignored, leftover code found in many applications could give attackers a chance to remotely control or load malware onto your systems, a research team said this week. |
 |
New hacking technique exploits common programming error (SearchSecurity.com, July 23, 2007)
Researchers at Watchfire Inc. say they have discovered a reliable method for exploiting a common programming error, which until now had been considered simply a quality problem and not a security vulnerability. |
 |
Black Hat/Defcon hackfests this week promise rollicking Action, Network attacks, VoIP vulnerabilities and rootkit updates on display at conferences (Network World, July 23, 2007)
Rigorous and sometimes raw disclosure of network vulnerabilities will all be part of the action at next week's back-to-back hackfests Black Hat and Defcon in Las Vegas. |
 |
PODCAST: Web security, present and future (CNET News.com, June 25, 2007)
CNET talks to Web security experts about where we are when it comes to Web security. The podcast, featuring Danny Allan of Watchfire, asks where web security should be going, how the big three (Microsoft, Google and Yahoo) are doing at keeping Web applications secure, and more. |
 |
Watchfire Introduces Web Application Security Testing Product (TestandMeasurement.com, May 7, 2007)
Watchfire, one of the market-leading providers of web application security software and services, recently announced a new quality assurance edition of the Company's flagship product, AppScan. AppScan QA introduces the latest web application security testing to the QA cycle, with new and enhanced integration with the industry's most popular software quality management solutions: HP (formerly Mercury) Quality Center and IBM Rational ClearQuest. This new release complements Watchfire's web-based enterprise platform, AppScan Enterprise, a solution that enables organizations to scale application security testing into QA and development via a web-based system, according to the company source. |
 |
REVIEW: Find Application Security Holes with AppScan (Relevant Technologies, May 3, 2007)
Watchfire's AppScan 7 (AppScan) is just the thing for detecting website vulnerabilities. Whether your organization is a financial institution, a managed service provider, or hosts its own web applications that contain confidential and private information, AppScan finds the holes. Specifically designed to find web based vulnerabilities, AppScan is suitable for use on both intranet and Internet based applications. I recently used AppScan on a consulting engagement and found it to be one of those products that anyone doing security audits shouldn't be without. Let me tell you how it works, and what I liked best about it. |
 |
Watchfire to open up some product code (SC Magazine, April 19, 2007)
Watchfire announced this week that it will take a page from the open source playbook by making some extended features of its product platform public, as well as opening up the product to customers who want to develop their own plug-ins. |
 |
Watchfire Expands to Open Source Ecosystem (internetnews.com, April 17, 2007)
Application security vendor Watchfire is opening up its AppScan product to help extend its vulnerability scanning capabilities. |
 |
Watchfire Introduces Web Site for Extensions (SD Times, April 16, 2007)
Watchfire today is introducing a new community Web site for the creation of extensions for its Web application security solution, AppScan 7.5. |
 |
Software testing tools to help integrate application security throughout the SDLC (SearchSoftwareQuality.com, April 16, 2007)
Watchfire is making it easier to integrate Web application security throughout the software development life cycle (SDLC) with its new application security testing tools. |
 |
Watchfire online community shares vulnerability testing knowledge (Network World, April 16, 2007)
Watchfire is opening up its Web application-vulnerability software so customers can create their own security tests of corporate applications. |
 |
TJX thieves had time to steal, trip up (MSNBC, April 13, 2007)
For at least 17 months, someone had free rein inside TJX Cos.' computers. Without anyone noticing, one or more intruders installed code on the discount retailer's systems to methodically unearth, collect and transmit account data from at least 45.7 million credit and debit cards. |
 |
TJX data thieves had time to steal (USA Today, April 13, 2007)
For at least 17 months, someone had free rein inside TJX Cos.' computers. Without anyone noticing, one or more intruders installed code on the discount retailer's systems to methodically unearth, collect and transmit account data from at least 45.7 million credit and debit cards. |
 |
Vulnerability Scanning For App Security (Processor, March 30, 2007)
One of the most painful yet necessary tasks in any software or hardware development cycle is security testing. However, especially in software and Web development, the task of security testing is often integrated into the design and development process, so the developers who designed the product are also responsible for assessing the security of their own products. |
 |
Focus on the data (GCN.com, March 26, 2007)
A panel of current and former federal officials discussed IT security at a symposium last week, and, surprisingly, there was little more than a passing reference to regulatory compliance. |
 |
Play With Fire...and You Just Might Learn (SD Times, March 15, 2007)
With the release of AppScan Enterprise 5, Watchfire claims to have put bewildering security vulnerabilities into layman's terms for developers. |
 |
A New Battleground for Computer Security (The Wall Street Journal, March 6, 2007)
The changing interests of the Internet's troublemakers are creating fresh dangers for consumers, making Web sites they know and trust potential sources of PC misery. |
 |
Web-based apps check code before and after release (IT Week, February 22, 2007)
Watchfire's new release, Appscan Enterprise 5, checks source code under development for security problems. The latest version includes a new "point and shoot" testing tool called Quickscan and integrated Computer Based Training, which Watchfire said will "accelerate the adoption of security testing by QA and development teams". |
 |
Watchfire Adds Ajax Testing, Spots Google Desktop Flaw (REDORBIT, February 22, 2007)
Watchfire Corp, which takes an ethical hacking approach to uncovering website vulnerabilities, is releasing a new version of its enterprise offering that extends coverage to loosely scripted, highly interactive Ajax-style applications. |
 |
Watchfire tools ease security checks (washingtonpost.com, February 21, 2007)
Watchfire is upgrading its application vulnerability-testing software so it's easier for Web software developers to run scans on code and to close security holes. |
 |
Serious Flaw in Google Desktop Prompts Patch (washingtonpost.com, February 21, 2007)
Search engine giant Google has issued an update for people running its powerful Desktop software. Researchers had demonstrated a potentially devastating security hole in the software that could allow bad guys to snoop on users' computers or even to install additional software. |
 |
Google Says Security Hole in Search Software Is Fixed (Bloomberg.com, February 21, 2007)
Google Inc., the most-used Internet search engine, fixed a program glitch that might have allowed hackers access to the personal files of people who used the company's desktop-search software. |
 |
Serious flaw in Google Desktop gets fix (CNET News.com, February 21, 2007)
Several flaws in the popular Google Desktop software could open PCs up to intruders and possible data theft, a security company has warned. |
 |
Google Desktop flaw allows data theft (SecurityFocus, February 21, 2007)
Security firm Watchfire warned Google Desktop users on Wednesday to update the program to make certain that they are protected from a vulnerability that could allow an attacker to use JavaScript to search for and steal specific data on a user's system. |
 |
Google plugs dangerous flaw (SearchSecurity.com, February 21, 2007)
Google Inc. has plugged a dangerous flaw in its desktop search tool that could have exposed users' personal files to an attacker. |
 |
Watchfire spots Google Desktop vulnerability that can allow access to sensitive files (SC Magazine, February 21, 2007)
Researchers from a leading web application firm said today they have uncovered a major vulnerability in Google Desktop that could allow hackers to perform searches on a victim's computer and discover sensitive files. |
 |
Watchfire Releases Web-Based Security Scanning Tool (eWeek, February 20, 2007)
Watchfire has released a new vulnerability scanning and reporting tool aimed at finding security flaws early in the software development lifecycle. |
 |
Douse Application Security Flaws With Watchfire (internetnews.com, February 20, 2007)
Watchfire has put the finishing touches on AppScan Enterprise 5, a new version of the company's software platform fitted with a point-and-shoot testing tool and training utilities to facilitate quality assurance. |
 |
Canadian Nuclear Safety Commission hacking attack a warning? (itWorldCanada, February 9, 2007)
The hacking attack on the Web site of the Canadian Nuclear Safety Commission (CNSC) could have been meant as a warning, says a Canadian security expert. |
 |
Watchfire wins conference awards (Boston Globe, February 9, 2007)
Watchfire was crowned best security company at a recent industry conference. |
 |
The security implications of Web 2.0 (SC Magazine, January 30, 2007)
Authored by Watchfire's Mike Weider, this article highlights the most common Web 2.0 vulnerabilities that privacy and security professionals need to be aware of, including a better understanding of how Web services and AJAX can be exploited and the attacks that they can enable. |