How Internal Scanning works: Q&A with Detectify’s product expert
Security doesn’t stop at the perimeter. The “inside” of your network often harbors many overlooked risks. To address this, ealier this year we launched Detectify Internal …
Newly added security tests, September 21, 2017: Zend, cPanel and WordPress plugins
Detectify
We have been busy this week, adding 14 new security tests to our service. The main focus of this update are various WordPress plugin vulnerabilities that we covered in more detail in a blog post earlier this week.
Here are the latest additions to the Detectify scanner:
- Symfony parameters.yml Exposure
- Zend application.ini Exposure
- Python flask fingerprinting
- cPanel Open Redirect (SEC-300) – You can read more about this vulnerability on cPanel’s website
- Magento configuration backup disclosure
- WordPress WooCommerce PDF Invoices & Packing Slips Authenticated XSS
- WordPress Ninja Forms Authenticated XSS
- WordPress Anti-Malware Security and Brute-Force Firewall Authenticated XSS
- WordPress Pretty Links Authenticated XSS
- WordPress Loco Translate Authenticated XSS
- WordPress Google Pagespeed Insights Authenticated XSS
- WordPress Booking Calendar Authenticated XSS
- WordPress Crelly Slider Authenticated XSS
- WordPress Pinfinity Theme XSS
Check out more content
Introducing PCI ASV Scanning: Continuous attack surface compliance in partnership with Clone Systems
Maintaining a secure external attack surface is no longer just about finding vulnerabilities; it’s about proving your resilience to partners, auditors, and regulatory bodies. Today, …
