How an AppCheck scan will help your business with GDPR compliance

There is no doubt that the GDPR is serious business. AppCheck has noticed a significant shift in focus by company Executives, taking a much more active interest in security matters since the GDPR.

Naturally, with that comes a never-ending list of vendors claiming to solve the GDPR problem. In truth, no single product or service can achieve compliance. Rather, the GDPR requires a strategy that includes a thorough understanding of your responsibilities, your exposure and what is required to demonstrate compliance with the six principles of the GDPR.

AppCheck has a significant part to play in that compliance strategy. This document highlights existing and new features introduced to support compliance.


AppCheck recognised as Technology Provider for GDPR Institute

AppCheck, a leading provider of web application and external infrastructure vulnerability scanning tools, has been recognised as an official technology provider by the GDPR Institute, helping businesses prepare themselves for the new GDPR regulations.

To kick-start this preparation, AppCheck is offering a full free vulnerability scan and report against 1 URL and 10 external IP addresses, which gives a breakdown of what threats might exist in your external systems.

As SME games company is fined, none will be spared says ICO

The Independent Commissioners Office (ICO) sent a harsh message to SMEs when it fined games company Boomerang £60,000 for failing to stop a breach in 2015.

Boomerang, a video games rental service, had a third party build its website. A coding error in the login page resulted in an SQL injection malware attack that exposed the names, addresses, primary account numbers, card expiry dates and security codes of 26,000 of its customers, and led to over 1,000 subsequent complaints.

The Answer: Don’t be negligent with your data and risk a hefty fine.

The AppCheck scanning tool can help you prepare your business for the new GDPR regulations by providing regular network checks, fixes and reports for stakeholders and third-party governance, giving evidence of best practice whilst balancing budget expectations:

  • A snapshot in time of the current security posture
  • A regular test of all network applications and the external infrastructure
  • Unlimited testing


For more information contact 01691 663000 or email sales@vcwsecurity.com

How AppCheck can help you prepare your business for the new GDPR regulations

AppCheck is a market-leading cloud-based, automated website/app and external infrastructure scanner built by a team of UK-based CHECK and CREST accredited penetration testers.

They currently provide this service to a portfolio of large blue-chip companies, including the likes of Skype, Splunk, Capita, Iceland, WHSmith and many more. They have uncovered various new vulnerabilities in apps, such as in eBay for example, and were the first to write plug-ins for exploits such as Shellshock and Heartbleed.

The AppCheck scanning tool can help you prepare your business for the new GDPR regulations and the threat of a data breach by providing regular network checks, fixes and reports for stakeholders and third-party governance, giving evidence of best practice whilst balancing budget expectations:

  • A snapshot in time of the current security posture
  • A regular test of all network applications and the external infrastructure

Join over 300 companies who have taken advantage of a free AppCheck assessment in January alone to see how you are measuring up.


If you would like a FREE TRIAL of Appcheck for yourselves or any of your clients please get in touch on 01691 663000 or email sales@vcwsecurity.com

Affected by the Apache Struts Zero Day Vulnerability?

Last week information security researchers discovered a zero-day vulnerability in the Apache Struts web application framework which is being actively exploited in the wild. Apache Struts is a free, open-source Model-View-Controller (MVC) framework for creating elegant, modern Java web applications, with support for REST, AJAX and JSON.

According to the researchers, the issue is a remote code execution vulnerability in the Jakarta Multipart parser of Apache Struts that could allow an attacker to execute malicious commands on the server when files are uploaded through that parser.

“It is possible to perform an RCE attack with a malicious Content-Type value,” warned Apache. “If the Content-Type value isn’t valid an exception is thrown which is then used to display an error message to a user.”

An example of one attack, which attempts to copy a file to a harmless directory, ensure the executable runs, and disable the firewall on boot-up, was shown in the original post as an image (not reproduced here).

The vulnerability has now been patched by Apache, so if you are using the Jakarta-based file upload Multipart parser, upgrade to Apache Struts version 2.3.32 or 2.5.10.1. You can also switch to a different implementation of the Multipart parser.

AppCheck recommends that you run a vulnerability assessment to ensure your systems are not vulnerable.

As soon as the vulnerability was disclosed, the AppCheck research and development team wrote a plugin to ensure the vulnerability would be detected and reported. To simplify the remediation process AppCheck was updated within hours of the public disclosure to correctly identify the flaw as a known vulnerability.


Critical flaw found in popular PHP library

On the 25th of December 2016, a security researcher discovered a security flaw within a popular PHP mailer library used by more than 9 million websites worldwide. If you are currently using a content management system such as WordPress, be aware that the flaw could be exploited to execute arbitrary PHP code on the affected system, allowing a remote attacker to take complete control of the application and launch further attacks against the internal network. The flaw affects PHPMailer versions below 5.2.20, along with other libraries that include the vulnerable code: SwiftMailer and the Zend Framework. Two different variants of the VM have been identified in versions 5.2.18 and 5.2.19; download the VM here.

What is the vulnerability?

The original advisory lists the flaw as "Remote Code Execution". Whilst this can be true given the right set of circumstances, it does not allow code execution in all cases.

The flaw arises from insecure parsing of the "sender" argument passed to the mailing function (setFrom(), to be more specific). This allows an attacker to craft a request that results in additional command line arguments being passed to the underlying mailer binary. The attacker is therefore limited to the command line arguments supported by the installed MTA.

For example, if the application implements Sendmail, the command line argument -X can be supplied to write a log file to any location on the file system for which the executing user has permission. The log file contains verbose log information that includes data supplied by the attacker. One exploit scenario is that the attacker exploits Sendmail to write a malicious PHP file within a web accessible directory, accessing the file will then execute embedded PHP code to take control of the system.

Am I affected?

The vulnerable library should be updated on all affected systems regardless of configuration; however, there are a few prerequisites to exploiting this flaw, which are discussed below.

To exploit this flaw the attacker must control the sender address of the email. This may occur when a contact form, or similar, sets the "From" address to the email address supplied by the user. This is the case for several different types of contact form, to allow the recipient to reply to the sending user directly.

Even when the sender address is attacker controlled, in order to execute malicious code, the underlying mailer binary must provide a command line argument that can be abused. Sendmail was identified within the original advisory, however several alternatives to Sendmail such as Exim4 are commonly used.
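The two points above (a quoted local part in a user-controlled sender address ends up as extra command line arguments to the mailer, and the attacker only gets the options the MTA happens to support) are easier to see with a worked model. The block below is an added example and not AppCheck's or PHPMailer's own code. It assumes a sendmail-style invocation and uses a simplified Python model of PHP's documented escapeshellcmd() behaviour (the metacharacter set and the "escape only unpaired quotes" rule), which is what PHP's mail() applies to its extra-parameters argument; that model is an assumption of the example, not PHP's source. The payload string is the one quoted later on this page. The defender side is a deliberately conservative sender validator and an argv-based invocation that never goes through a shell.

```python
import re
import shlex

# Metacharacters PHP's escapeshellcmd() prefixes with a backslash on Unix,
# per the PHP documentation (assumption: documented set, not PHP's source).
_ESCAPED = set('#&;`|*?~<>^()[]{}$\\\n\xff')


def escapeshellcmd(s):
    """Simplified model of PHP escapeshellcmd(): metacharacters are escaped,
    and a quote is escaped only when it has no later partner of the same
    kind. PHP's mail() applies this to its extra-parameters argument, which
    is where PHPMailer placed '-f<sender>'."""
    out = []
    partner = None  # index of the closing quote of the pair being walked
    for i, ch in enumerate(s):
        if ch in ('"', "'"):
            if partner is None:
                j = s.find(ch, i + 1)
                if j == -1:
                    out.append('\\')   # unpaired quote: escape it
                else:
                    partner = j        # opening half of a pair: copy as-is
            elif i == partner:
                partner = None         # closing half of the pair: copy as-is
            else:
                out.append('\\')       # a different quote inside the pair
        elif ch in _ESCAPED:
            out.append('\\')
        out.append(ch)
    return ''.join(out)


SENDMAIL_ARGV = ['/usr/sbin/sendmail', '-t', '-i']


def shell_tokens(sender):
    """What /bin/sh hands to sendmail when the escaped '-f<sender>' is
    appended to the command string and that string is parsed by a shell."""
    return shlex.split(' '.join(SENDMAIL_ARGV) + ' -f' + escapeshellcmd(sender))


def injected_arguments(sender):
    """Everything beyond the expected tokens: empty for a normal address,
    the smuggled options for a quoted-local-part payload."""
    return shell_tokens(sender)[len(SENDMAIL_ARGV) + 1:]


# Deliberately stricter than RFC 5322: no quoted local part, no whitespace,
# no quote or backslash characters. Contact forms rarely need anything the
# pattern rejects, and nothing it accepts can split into extra arguments.
SAFE_SENDER = re.compile(r'[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+')


def is_safe_sender(address):
    return SAFE_SENDER.fullmatch(address) is not None


def sendmail_argv(sender):
    """Hardened invocation: validate first, then build argv as a list (run it
    with subprocess.run(argv), never through a shell), so the sender is one
    argument whatever it contains."""
    if not is_safe_sender(sender):
        raise ValueError('sender address rejected: ' + repr(sender))
    return SENDMAIL_ARGV + ['-f' + sender]


# Payload shape quoted in the post (sendmail's -X names a log file to
# write); used here only to show how it tokenises after escaping.
PAGE_PAYLOAD = '"<?php phpinfo() ?>\\" -X ./resume/VvClx.php "@x.com'

if __name__ == '__main__':
    print('normal address ->', injected_arguments('bob@example.org'))
    print('page payload   ->', injected_arguments(PAGE_PAYLOAD))
    print('validator      ->', is_safe_sender(PAGE_PAYLOAD))
```

Running the block shows that the paired quotes survive escaping while the backslash before the second quote is doubled, so the shell closes the quoted region early and `-X ./resume/VvClx.php` becomes two separate arguments; the normal address yields nothing extra. The simplest application-level fix is not to put user input in the envelope sender at all: send from a fixed address and put the visitor's address in Reply-To (PHPMailer's addReplyTo()), keeping the validator as defence in depth.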

Does AppCheck detect the flaw?

Yes, our initial update was available to subscribers on the 28th of December 2016. Further updates will also be made live on the 4th of January to safely exploit the flaw and detect the vulnerability in a wide range of configurations.

Detecting and Exploiting the vulnerability

There are several methods that can be employed to detect the flaw remotely; each method has associated pros and cons. As with all of our security checks, multiple methods are combined to offer the greatest level of assurance possible.

AppCheck identifies the target component by crawling the target application to find all points at which attacker-supplied data could be processed. Each identified parameter is then tested using methods including, but not limited to, the following:

Out-of-Band detection

One accurate method of detecting this flaw is to use SMTP as an out-of-band detection mechanism. For example, when Sendmail is the MTA, the -N command line argument defines when a Delivery Status Notification (failure) email is sent back to the sender. AppCheck submits an email address monitored by our Sentinel system along with the option -N success,failure. If an email is received we can assume that the system is likely to be vulnerable. This is further confirmed by resubmitting the request with -N never, which should not generate an email.

DNS is also used to identify potential candidates for further fuzzing techniques. In this case AppCheck submits two payloads containing specially crafted domain names that are detected by our Sentinel DNS server. By changing each payload so that only one should successfully perform the DNS lookup on a vulnerable system, we are able to identify the vulnerability.

Safe Exploitation

AppCheck includes a safe exploitation module for this vulnerability that will attempt to fully confirm the flaw. The exploitation features are continually developed and we will add further techniques over the coming days.

One method employed by AppCheck is as follows:

  • All web directories are logged during the crawl phase.
  • When the PHPMailer vulnerability is identified, an attempt to write to each directory is performed using paths relative to the current directory.

For example, if the flaw is identified in https://target/forms/contactus.php and the following web paths are observed within the crawl, http://target/forms/resume/ and http://target/uploads/, the following payloads could be used in an attempt to create a PHP file in each directory:

"<?php phpinfo() ?>\" -X ./resume/VvClx.php "@x.com

"<?php phpinfo() ?>\" -X ../uploads/xSq0u.php "@x.com

If successful, accessing the file will execute the PHP code phpinfo().

Note: when targeting version 5.2.19, the \" should be replaced with '.

Fixing the vulnerability

Initially version 5.2.18 of PHPMailer was reported to fix the issue, however it was found shortly after that this fix was flawed and could still be exploited. Versions 5.2.20 and above correctly resolve the vulnerability.

For Zend Framework users, upgrade to the latest release as described here: https://framework.zend.com/security/advisory/ZF2016-04

SwiftMailer users should upgrade to version 5.4.5 or higher.
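Since the fix is a version bump, the practical "am I affected?" check is an inventory one. The block below is an added example, not AppCheck's tooling: it reads a composer.lock document and flags the two packages whose fixed versions the post names (PHPMailer 5.2.20, SwiftMailer 5.4.5), and it also reads the version string out of a bundled class.phpmailer.php for installs, such as CMS plugins, that do not use Composer. The Composer package names are the libraries' real ones; the lock-file and source snippets are constructed for the example, and Zend Framework is left out because the post gives no version for it.

```python
import json
import re

# Minimum fixed versions named in the post. Zend Framework is omitted because
# the post only says "latest release" for it.
FIXED_VERSIONS = {
    'phpmailer/phpmailer': (5, 2, 20),
    'swiftmailer/swiftmailer': (5, 4, 5),
}


def parse_version(text):
    """'v5.2.19' or '5.2.18-beta1' -> (5, 2, 19) / (5, 2, 18). Missing
    components count as 0; non-numeric strings such as 'dev-master' give
    None, which the callers treat as unknown and therefore flag."""
    m = re.match(r'v?(\d+)(?:\.(\d+))?(?:\.(\d+))?', text.strip())
    if not m:
        return None
    return tuple(int(part) if part else 0 for part in m.groups())


def vulnerable_packages(lock_json):
    """Return (name, installed, minimum_fixed) for each affected package in a
    composer.lock document that is below its fixed version or unparseable."""
    lock = json.loads(lock_json)
    findings = []
    for pkg in lock.get('packages', []) + lock.get('packages-dev', []):
        name = pkg.get('name', '').lower()
        if name not in FIXED_VERSIONS:
            continue
        installed = pkg.get('version', '')
        parsed = parse_version(installed)
        if parsed is None or parsed < FIXED_VERSIONS[name]:
            fixed = '.'.join(str(n) for n in FIXED_VERSIONS[name])
            findings.append((name, installed, fixed))
    return findings


# PHPMailer 5.x declares its version in class.phpmailer.php as
#   public $Version = '5.2.x';
# which is the only handle on bundled copies that Composer knows nothing about.
_VERSION_DECL = re.compile(r"\$Version\s*=\s*['\"]([^'\"]+)['\"]")


def phpmailer_version_from_source(php_source):
    m = _VERSION_DECL.search(php_source)
    return parse_version(m.group(1)) if m else None


def phpmailer_source_is_fixed(php_source):
    v = phpmailer_version_from_source(php_source)
    return v is not None and v >= FIXED_VERSIONS['phpmailer/phpmailer']


# Constructed sample inputs for the example (not from a real project).
SAMPLE_LOCK = json.dumps({
    'packages': [
        {'name': 'phpmailer/phpmailer', 'version': 'v5.2.19'},
        {'name': 'swiftmailer/swiftmailer', 'version': 'v5.4.5'},
        {'name': 'monolog/monolog', 'version': '1.22.0'},
    ],
    'packages-dev': [],
})

SAMPLE_SOURCE = "class PHPMailer {\n    public $Version = '5.2.18';\n}\n"

if __name__ == '__main__':
    for name, installed, fixed in vulnerable_packages(SAMPLE_LOCK):
        print(f'{name}: {installed} installed, upgrade to {fixed} or later')
    print('bundled PHPMailer fixed?', phpmailer_source_is_fixed(SAMPLE_SOURCE))
```

Point vulnerable_packages() at the real composer.lock of each site and phpmailer_source_is_fixed() at any class.phpmailer.php found by a file search; an unparseable version (a dev branch, for instance) is reported rather than silently accepted, since the post is clear that 5.2.18 and 5.2.19 only looked fixed.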

References:

The flaw was discovered and reported by Dawid Golunski.

Original Advisories:

http://www.legalhackers.com/advisories/PHPMailer-Exploit-Remote-Code-Exec-CVE-2016-10033-Vuln.html

http://www.legalhackers.com/advisories/PHPMailer-Exploit-Remote-Code-Exec-CVE-2016-10045-Vuln-Patch-Bypass.html

http://www.legalhackers.com/advisories/SwiftMailer-Exploit-Remote-Code-Exec-CVE-2016-10074-Vuln.html

http://www.legalhackers.com/advisories/ZendFramework-Exploit-ZendMail-Remote-Code-Exec-CVE-2016-10034-Vuln.html


Would you like to help your clients look for vulnerabilities on their websites and web applications? – Appcheck

The reason that we are asking our partners this question is that over 70% of hacks/data breaches are through an exploited vulnerability within a website or web application.

We partner with an industry leading Web application vulnerability scanning tool called Appcheck to help our partners with this problem. The vendor is offering FREE TRIALS which can be extended to your clients and we are confident that it is a product that you will want to add to your portfolio.

AppCheck is a market-leading cloud-based, automated website/app and external infrastructure scanner built by a team of UK-based CHECK and CREST accredited penetration testers. They currently provide this service to a portfolio of large blue-chip companies, including the likes of Skype, Splunk, Capita, Iceland, WHSmith and many more. They have uncovered various new vulnerabilities in apps, such as in eBay for example, and were the first to write plug-ins for exploits such as Shellshock and Heartbleed.

By using a vulnerability scanning tool regularly you can seriously mitigate the risk of a vulnerability being exploited, as you will be getting to the root cause and (hopefully) fixing it.

We are happy to say that through the vendor you can have a FREE TRIAL of the product and extend this offer to your clients as well. Attached is an example report, and at the end of the trial you will be able to download one based on your own website. Once your clients have seen the trial we are confident that it is a product you will want to add to your portfolio.


VCW secures first UK offering of AppCheck Vulnerability Scanner

AppCheck has been designed from the ground up and boasts one of the most intelligent SaaS web application scanning engines on the market. By working closely with some of the UK’s leading penetration testers, each scanning module has been designed to maximise detection accuracy whilst minimising false positives.

AppCheck NG boasts one of the most intelligent SaaS web application scanning engines on the market.

It uses two intelligent crawling technologies to discover components quickly and to identify hidden components through forced browsing. If a modern web browser such as Google Chrome can access the application, Appcheck NG can crawl it.

How the AppCheck NG scanning tool works:

Advanced Crawling – Uses multiple crawling technologies to accurately identify application components, even in JavaScript- and Flash-rich applications

Meticulous Assessment Techniques – Effectively identifies the diverse range of vulnerabilities within web applications and infrastructure

Leading Edge Technology – Ever evolving technology that is quickly updated in response to new vulnerabilities

Accurate Detection – Systematically validates every discovery, removing ‘false positives’ and retaining only the true issues

Clear Reports – Delivers comprehensive scan results in a proven easy-to-understand format

AppCheck allows users to automate the discovery of security flaws within their applications more quickly, easily and accurately by offering a unique scripting solution that maps and tests user workflows, ultimately covering a much larger attack surface and identifying more flaws.


For more information about AppCheck call Kathryn Devine on 01691 663000 or kathryn.devine@vcwsecurity.com