Channel: DefenseCode
Browsing latest articles
Browse All 24 View Live

DefenseCode Blog

Hello World. :-D




Welcome!!!

Dear visitor, hello and welcome to our blog :) DefenseCode is an IT start-up focusing on information security. Our goal is to develop products to automate the detection of vulnerabilities in web...


A short insight into ADSL security

Recently, one of our security researchers has been working on a project related to ADSL security. During his research with various ADSL routers, cameras, and other devices, he also created a simple...


DefenseCode @ FSEC - FOI Security Symposium 2012

FSEC, Security Symposium (http://fsec.foi.hr) held at Varazdin's FOI was the only proper information security event held this year in Croatia where IT security specialists could gather and discuss the...


Cross-Site Request Forgery against applications that use JSON RPC

Cross-site request forgery is a common and well-known web application vulnerability. Most of the time, exploiting these vulnerabilities is relatively straightforward. You just need to set up a proper HTML...


Diving into recent 0day Javascript obfuscations

Introduction: One of the most common ways for an attacker to infect a system over the Internet is using JavaScript. Typical Web exploitation frameworks like Blackhole utilize polymorphic JavaScript as a...


Announcement: DefenseCode ThunderScan v1.1 - Web Application Source Code...

We are proud to present you a new product for comprehensive Web Application Security Scanning. DefenseCode ThunderScan v1.1 for Web Application Source Code Security Analysis is available now. Demo run...


Vulnerabilities in WP E-Commerce plugin for WordPress

DefenseCode released Security Advisory DC-2012-11-001 to address an issue that affects the WordPress WP E-Commerce Plugin, one which has more than 2 million downloads and is one of the most popular for...



Soon to be expected...

Hi folks, We're working very hard on new stuff and security research, so very soon DefenseCode will release some interesting stuff... Like... - Cisco Linksys remote preauth 0day root exploit -...



DefenseCode Security Advisory (UPCOMING): Cisco Linksys Remote Preauth 0day...

Story behind the vulnerability... Months ago, we contacted Cisco about a remote preauth (root access) vulnerability in the default installation of their Linksys routers that we discovered. We gave...


DefenseCode Security Advisory (UPCOMING): Cisco Linksys Remote Preauth 0day...

Starting a few hours ago, we began a quick analysis as to how many Linksys models might be vulnerable. From what we can tell so far, at least one other (not just the WRT54GL) Linksys model is probably...


Broadcom UPnP Remote Preauth Root Code Execution Vulnerability

During the security evaluation of Cisco Linksys routers for a client, we discovered a critical security vulnerability that allows a remote unauthenticated attacker to execute arbitrary...


DefenseCode Security Advisory: Cisco Linksys Remote Preauth 0day Root Exploit...

A few weeks ago, we announced a remote preauth root access exploit for Cisco Linksys (http://www.youtube.com/watch?v=cv-MbL7KFKE). Vulnerability details were disclosed...



First public patch for Broadcom UPnP vulnerability

First public patch for Broadcom UPnP vulnerability from TP-Link. From: http://forum.tp-link.com/showthread.php?2252-Fixed-a-critical-vulnerability-issue-related-to-UPnP Fixed a critical vulnerability...


Back To The Future: Unix Wildcards Gone Wild

Hi, We wanted to inform all major *nix distributions via our responsible disclosure policy about this problem before posting it, because it is highly likely that this problem could lead to local root...



Brand New ThunderScan and Web Security Scanner

Hello, It's been a while since our last post. We have been working hard on improving our flagship products - ThunderScan Source Code Security Analyzer SAST and Web Security Scanner DAST solution. We...


BroadCom UPnP Format String Preauth Root Exploit Aftermath (Few Years Later)

Hi, A few years ago, we discovered a remotely exploitable preauth format string vulnerability in the Broadcom UPnP implementation used in popular routers. Vendors were notified and an advisory was...



Apache Tomcat Vulnerabilities Found Using DefenseCode ThunderScan SAST

During the source code security analysis of Apache Tomcat with DefenseCode ThunderScan SAST solution, two different security issues were discovered, ranked as medium risk. When exploited, discovered...


High Risk 0-day Vulnerability Found in Magento eCommerce

During the security audit of Magento Community Edition, a highly popular e-commerce platform, a high risk vulnerability was discovered that could lead to remote code execution and thus the complete...


Stealing Windows Credentials Using Google Chrome

Hi, Check out our new whitepaper about stealing Windows credentials using the most popular browser today - Google Chrome. URL: http://www.defensecode.com/news_article.php?id=21 Regards, DefenseCode Team


DefenseCode Is Looking for New Partners and Resellers

To continue its rapid growth, DefenseCode L.L.C is currently looking to expand its worldwide network of partners and resellers for its software products and services. If you are interested in...



ThunderScan Discovered Multiple Vulnerabilities in Google API Client Library...

Hi, During the security audit of Google APIs Client Library for PHP multiple XSS vulnerabilities were discovered using DefenseCode ThunderScan SAST application source code security analysis platform....



Multiple Buffer Overflow Vulnerabilities in IBM Database software (DB2 and...

Hi Dear Reader, During the last couple of weeks we have published security vulnerabilities in database tools related to DB2 and Informix databases. We're sure that you (as responsible database admin)...


Application Security Testing (the Wild West perspective)

Imagine running a bank in a small town. A small town in the Old Wild West. Gangs roam freely. Many people are poor and desperate. Law and enforcement exists, but is open for individual interpretation....
