Black Watch Labs Issues First Security Advisory Concerning the Safety of Millions of Web Sites

Santa Clara, Calif. - February 17, 2000 - Perfecto Technologies, the leading developer of Web application security management software, today unveiled Black Watch Labs (www.sanctuminc.com/blackwatch/), an online research center dedicated to increasing awareness of Web application security issues within the Internet community. In addition to publishing general information on Web application security topics, Black Watch Labs will issue alerts when Web application vulnerabilities are discovered. Black Watch Labs today issued its first advisory, which demonstrates how ordinary search engines can be used to identify millions of Web sites that are potentially vulnerable to application-level hacking attacks.

"Up until today, there has been a noticeable lack of comprehensive information about Web application security," said Eran Reshef, senior vice president and co-founder of Perfecto Technologies. "As the leader in Web Application Security Management software, we recognized the significance of this gap and the potential risks faced by any business with a Web site and their customers. We established Black Watch Labs to identify and share Web application vulnerabilities."

"The subject of our first alert is a case in point," Reshef continued. "We discovered that search engines can be used to find Web sites with potential vulnerabilities that allow hackers access to extremely sensitive data. eBusinesses and consumers need to be aware of these problems."

The Black Watch Labs Web site will feature up-to-date information on Web application security, newly discovered vulnerabilities, white papers and links to other security organizations. Subscribers to the free service will also receive e-mail notification every time a new vulnerability is discovered.

In its first advisory, Black Watch Labs reveals how ordinary search engines can be used to discover potential Web application vulnerabilities in indexed sites. Because many Web application vulnerabilities have tell-tale characteristics, searching for the signature of a particular vulnerability can yield thousands of at-risk Web sites. Among the potential weaknesses such searches can uncover are: open debug options (which can be used to grant unlimited access to a site), the ability to track all visitors to a site and the ability to execute remote SQL queries (database commands). For technical details of this problem, please visit http://www.sanctuminc.com/blackwatch/.

For example, using Infoseek to search for links containing the word "price" yields 132,561 matches. A link that contains the word "price" might pass the price as a parameter, exposing the site to eShoplifting (e.g., changing the price of the item purchased).

Searching AltaVista for the phrase "User Profile by Regions" results in 3,605 pages that contain the usage statistics of Web sites exposed to this loophole. These statistics include information about the users accessing the site, the paths they choose during their visit, the search engines and keywords used to reach the site, etc.

"This is a particularly strong example of the state of application-level security throughout the Internet," commented Dennis Szerszen, of Hurwitz Group. "The idea that search engines can be used to detect Web application vulnerabilities within indexed Web sites, combined with the large number of vulnerable sites found, illustrates a frightening reality that should serve as a wake-up call to anyone doing business on the Internet."

About Perfecto Technologies

Founded in 1997 and headquartered in Santa Clara, Calif., Perfecto Technologies is the leader in Web Application Security Management software. AppShield, Perfecto's initial product offering, is the first to provide extreme security for customer-facing applications in dynamic eBusiness environments. Privately held, Perfecto is funded by blue-chip venture capital firms and industry leaders, including Goldman Sachs, Intel Corporation, Sequoia Capital, The Sprout Group and Walden Israel. More information about Perfecto Technologies may be obtained by visiting the Company's Web site at www.perfectotech.com or by calling the Company directly at (408) 855-9500.
 
For Immediate Release

Contact:

Chris Benham
Perfecto Technologies, Inc.
(408) 855-9500
[email protected]

Kevin Pedraja
Sterling Communications
(408) 441-4100
[email protected]