Black Watch Labs Issues First Security Advisory Concerning the Safety of Millions of Web Sites
Santa Clara, Calif. - February 17, 2000 - Perfecto Technologies, the leading developer of Web application security management software, today unveiled Black Watch Labs (www.sanctuminc.com/blackwatch/), an online research center dedicated to increasing awareness of Web application security issues within the Internet community. In addition to publishing general information on Web application security topics, Black Watch Labs will issue alerts when Web application vulnerabilities are discovered. Black Watch Labs today issued its first advisory, which demonstrates how ordinary search engines can be used to identify millions of Web sites that are potentially vulnerable to application-level hacking attacks.
"Up until today, there has been a noticeable lack of comprehensive information about Web application security," said Eran Reshef, senior vice president and co-founder of Perfecto Technologies. "As the leader in Web Application Security Management software, we recognized the significance of this gap and the potential risks faced by any business with a Web site and their customers. We established Black Watch Labs to identify and share Web application vulnerabilities."
"The subject of our first alert is a case in point," Reshef continued. "We discovered that search engines can be used to find Web sites with potential vulnerabilities that allow hackers access to extremely sensitive data. eBusinesses and consumers need to be aware of these problems."
The Black Watch Labs Web site will feature up-to-date information on Web application security, newly discovered vulnerabilities, white papers and links to other security organizations. Subscribers to the free service will also receive e-mail notification every time a new vulnerability is discovered.
In its first advisory, Black Watch Labs reveals how ordinary search engines can be used to discover potential Web application vulnerabilities in indexed sites. Because many Web application vulnerabilities have tell-tale characteristics, searching for the signature of a particular vulnerability can yield thousands of at-risk Web sites. Among the potential weaknesses such searches can uncover are: open debug options (which can be used to grant unlimited access to a site), the ability to track all visitors to a site, and the ability to execute remote SQL queries (database commands). For technical details of this problem, please visit http://www.sanctuminc.com/blackwatch/.
For example, using Infoseek to search for links containing the word "price" yields 132,561 matches. A link that contains the word "price" might pass the price as a parameter, exposing the site to eShoplifting (e.g. changing the price of the item purchased).
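The eShoplifting weakness described above comes down to a checkout handler that trusts the price carried in the link. The following is an added example, not code from the advisory or from Perfecto's products: a handler that computes the total from the client-supplied "price" parameter, beside a hardened handler that takes the price only from a server-side catalog and flags a mismatching link parameter as a tampering signal. The catalog, SKUs and query strings are constructed.

```python
# Added example (not from Black Watch Labs or Perfecto): price-parameter
# tampering ("eShoplifting") and its server-side mitigation.
from decimal import Decimal
from urllib.parse import parse_qs

# Constructed server-side catalog: the only trustworthy source of prices.
CATALOG = {"sku-100": Decimal("49.99"), "sku-200": Decimal("199.00")}


def parse_order(query_string):
    """Parse the query part of a checkout link such as
    item=sku-100&qty=2&price=49.99 into a dict of single values."""
    params = parse_qs(query_string, keep_blank_values=True)
    return {key: values[0] for key, values in params.items()}


def checkout_vulnerable(query_string):
    """Total taken from the price in the link: whoever edits the link
    decides what the item costs. This is the weakness, kept for contrast."""
    order = parse_order(query_string)
    return Decimal(order["price"]) * int(order["qty"])


def price_tampered(query_string):
    """Detection check: True when the link carries a price that disagrees
    with the catalog, which is exactly the signature worth logging."""
    order = parse_order(query_string)
    item = order.get("item")
    if item not in CATALOG or "price" not in order:
        return False
    return Decimal(order["price"]) != CATALOG[item]


def checkout_hardened(query_string):
    """Total computed from the catalog only. Any price in the link is
    ignored for pricing; a mismatch is reported rather than honoured."""
    order = parse_order(query_string)
    item = order.get("item")
    if item not in CATALOG:
        raise ValueError("unknown item")
    qty = int(order.get("qty", "1"))
    if qty < 1:
        raise ValueError("invalid quantity")
    if price_tampered(query_string):
        print(f"ALERT: link price {order['price']} != catalog price "
              f"{CATALOG[item]} for {item}")
    return CATALOG[item] * qty
```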
Searching AltaVista for the phrase "User Profile by Regions" results in 3,605 pages that contain the usage statistics of Web sites exposed to this loophole. These statistics include information on users accessing the site, the path they choose during their visit, the search engines and keywords used to reach the site, etc.
"This is a particularly strong example of the state of application-level security throughout the Internet," commented Dennis Szerszen, of Hurwitz Group. "The idea that search engines can be used to detect Web application vulnerabilities within indexed Web sites, combined with the large number of vulnerable sites found, illustrates a frightening reality that should serve as a wake-up call to anyone doing business on the Internet."
About Perfecto Technologies
Founded in 1997 and headquartered in Santa Clara, Calif., Perfecto Technologies is the leader in Web Application Security Management software. AppShield, Perfecto's initial product offering, is the first to provide extreme security for customer-facing applications in dynamic eBusiness environments. Privately held, Perfecto is funded by blue-chip venture capital firms and industry leaders, including Goldman Sachs, Intel Corporation, Sequoia Capital, The Sprout Group and Walden Israel. More information about Perfecto Technologies may be obtained by visiting the Company's Web site at www.perfectotech.com or by calling the Company directly at (408) 855-9500.
# # #
For Immediate Release
Contact:
Chris Benham
Perfecto Technologies, Inc.
(408) 855-9500
[email protected]
Kevin Pedraja
Sterling Communications
(408) 441-4100
[email protected]