Blog Category: PCI Compliance

Recent Data on Web Application Vulnerability

3 May, 2010 (08:47) | PCI Compliance

Web Application Vulnerability Trends

The increase in disclosed web application vulnerabilities is staggering, to say the least. According to the research from nCircle:

  • The number of publicly disclosed web application vulnerabilities grew 1,755% from 2006 to 2009.
  • Through September 2009, more than half of the total publicly disclosed vulnerabilities were web application-related.
  • While web application vulnerabilities grew 5% from 2008 to 2009 (projected), the total number of new vulnerabilities (including those not related to web applications) grew almost 10%.
Figure: web vulnerability stats 2009

The overall number of reported vulnerabilities has recently decreased, but web application vulnerabilities make up an increasing percentage of the total.

If you would like to learn more, or if you have any questions regarding how Innovation Simple can help you automate your security risk and compliance, please contact Innovation Simple or call 888-55-WEBSITE.

Information in this post is courtesy of nCircle.

New Vulnerability Tests in HackerTested Service

15 January, 2010 (09:05) | PCI Compliance

Tests for the following vulnerabilities have been added to our HackerTested PCI scanning service:

1. SuSE Security Update: ntp (2009-12-11)
2. Pidgin MSN Custom Smileys Feature Emoticon Request Traversal Arbitrary File Disclosure
3. SuSE Security Update: kdelibs4 (2010-01-07)
4. CentOS : RHSA-2010-0029
5. TurboFTP Server < 1.00.720 DoS
6. Adobe Reader < 9.3 / 8.2 Multiple Vulnerabilities (APSB10-02)
7. SuSE Security Update: java-1_4_2-ibm (2010-01-05)
8. USN881-1 : krb5 vulnerability
9. SuSE 11.0 Security Update: flash-player (2010-01-11)
10. OpenX install.php / install-plugin.php Admin Authentication Bypass
11. SuSE 11.1 Security Update: ntp (2009-12-21)
12. SuSE 11.2 Security Update: ntp (2009-12-15)
13. Adobe Illustrator Detection
14. RHSA-2010-0029: krb
15. SuSE Security Update: Security update for IBM Java 1.4.2 (java-1_4_2-ibm-6757)
16. MDVSA-2010:001: pidgin
17. MDVSA-2009:227-1: freeradius
18. SuSE9 Security Update: Security update for IBM Java2 JRE and SDK (12565)
19. MS10-001: Vulnerability in the Embedded OpenType Font Engine Could Allow Remote Code Execution (972270)
20. OpenX Detection
21. Adobe Illustrator Multiple Vulnerabilities (APSB01-10)
22. MDVSA-2009:241-1: squid
23. SuSE 11.2 Security Update: libpoppler-devel (2010-01-11)
24. SuSE Security Update: java-1_6_0-ibm (2010-01-05)
25. MDVSA-2010:003: sendmail
26. SuSE 11.0 Security Update: ntp (2009-12-11)
27. Adobe Acrobat < 9.3 / 8.2 Multiple Vulnerabilities (APSB10-02)

New Vulnerabilities Added to Hacker Test Service

13 January, 2010 (08:39) | PCI Compliance

In a continual effort to maintain the highest service level possible for our PCI testing and hacker testing services, tests for the following vulnerabilities have been added to our HackerTested service. This further advances your website's ability to remain PCI compliant and protected from the latest hacker tricks:

1. RHSA-2010-0020: kernel
2. USN880-1 : gimp vulnerabilities
3. SuSE Security Update: Security update for IBM Java 1.5.0 (java-1_5_0-ibm-6740)
4. MDVA-2010:015: firefox
5. RHSA-2008-0264: rhn
6. MDVA-2010:014: spamassassin
7. RHSA-2010-0018: dbus
8. RHSA-2008-0525: rhn
9. MDVA-2010:006: timezone
10. RHSA-2009-1617: tomcat
11. Snitz Forums 2000 active.asp HTTP X-Forwarded-For Header SQL Injection
12. MDVA-2010:011: apache-conf
13. JS Jobs Component for Joomla! index.php md Parameter SQL Injection
14. RHSA-2008-0261: jabberd
15. RHSA-2009-0466: java
16. USN878-1 : firefox-3.5, xulrunner-1.9.1 regression
17. RHSA-2010-0019: kernel
18. CentOS : RHSA-2010-0018
19. RHSA-2009-1618: mod_jk
20. RHSA-2008-1007: tomcat
21. Kerberos Information Disclosure
22. RHSA-2008-0524: jabberd
23. RHSA-2008-0630: jfreechart
24. CentOS : RHSA-2010-0019
25. RHSA-2008-0629: rhn
26. Altiris Deployment Solution Server DB Manager Detection
27. RHSA-2009-1616: tomcat
28. RHSA-2007-0868: rhns
29. Altiris Deployment Solution Server < 6.9.430 Multiple Vulnerabilities (SYM09-011)
30. RHSA-2007-1069: jakarta
31. FreeBSD : powerdns-recursor — multiple vulnerabilities (5213)
32. RHSA-2008-0636: java
33. USN877-1 : firefox-3.0, xulrunner-1.9 regression
34. VMSA-2010-0001

Call and ask about our Hacker Tested service today. Call 888-559-3274.