The technology developed by Gauntlet will be incorporated to the AppSec Flow, expanding the services spectrum in AppSec
Conviso proudly announces the acquisition of Gauntlet.io Security, an application security testing company, whose technology is to complement the Continuous Application Security portfolio by Conviso.
The approach for this acquisition is technical, since Gauntlet´s…
WildFly[1], formerly known as JBoss AS, or simply JBoss, is an application server authored by JBoss, now developed by Red Hat. WildFly is written in Java, and implements the Java Platform, Enterprise Edition (Java EE) specification. It runs on multiple platforms.WildFly is free and open-source software, subject to the requirements of the GNU Lesser General Public License (LGPL), version…
Ekoparty is an Infomartion Security Conference that happens every year in Buenos Aires Argentina. And it is known as one of the best InfoSec Conferences in Latin America, if not the best, at least in my opinion so far.
The first day at Ekoparty 2013 was mostly for Registration, Workshops and Wardriving. The venue is really nice, as it has an underground like look and feel. You really feel that you…
Spree Commerce [1] is “a 100% open source e-commerce platform powered by the popular Ruby on Rails framework. It was designed to make customization and upgrades as simple as possible”. We have found Multiple Unsafe Reflection [2] vulnerabilities on it that affected any version >= 1.0.0.
The vendor has provided patches that fix the flaws [3]. Our advisory with more detailed…
Introduction
Copyright and Disclaimer
The information in this advisory is Copyright 2010 Conviso and provided so that the society can understand the risk they may be facing by running affected software, hardware or other components used on their systems. In case you wish to copy information from this advisory, you must either copy all of it or refer to this document (including our URL). No…
Introduction
Copyright and Disclaimer
The information in this advisory is Copyright 2010 Conviso and provided so that the society can understand the risk they may be facing by running affected software, hardware or other components used on their systems. In case you wish to copy information from this advisory, you must either copy all of it or refer to this document (including our URL). No…
Introduction
Copyright and Disclaimer
The information in this advisory is Copyright 2010 Conviso and provided so that the society can understand the risk they may be facing by running affected software, hardware or other components used on their systems. In case you wish to copy information from this advisory, you must either copy all of it or refer to this document (including our URL). No…
Introduction
Copyright and Disclaimer
The information in this advisory is Copyright 2010 Conviso and provided so that the society can understand the risk they may be facing by running affected software, hardware or other components used on their systems. In case you wish to copy information from this advisory, you must either copy all of it or refer to this document (including our URL). No…
Uma versão em PDF também está disponível | A PDF version is also available
Spree e-commerce JSON Hijacking Vulnerabilities – CVE-2010-3978
Introduction
Spree e-commerce is an open source commerce platform written for the Ruby on Rails framework supporting “Over 100 extensions created by our active and dedicated community”. This problem was confirmed in the following…