DATA SECURITY

Detectify Introduces an Open Source Security Tool for Ethical Hackers

Detectify | May 19, 2021

Ugly Duckling, a stand-alone application security tool specially designed for ethical hackers to make it easier for them to share their discoveries, is now available from Detectify, the SaaS security company powered by ethical hackers.

To keep on top of web application security, it's important to find web vulnerabilities as soon as they appear - before attackers exploit them. By offering ethical hackers the tools to build further test modules independently, Ugly Duckling speeds up the integration of vulnerabilities discovered by ethical hackers into automatic security tests on Detectify's platform.

When an ethical hacker discovers a loophole, he or she will create a module as a JSON file and test it in Ugly Duckling to ensure that it works. The JSON file is then implemented on Detectify's platform, allowing thousands of app owners and security teams to access the quality-checked findings. Vulnerability reports submitted to Ugly Duckling can be run live as security checks within 5-10 minutes of submission. It's a win-win situation: security and engineering teams can keep up with the latest exploitable vulnerabilities discovered in the wild, while ethical hackers can get paid more quickly.

To define the vulnerabilities, Ugly Duckling uses a custom JSON-based template format. It detects "stateless" vulnerabilities, i.e., vulnerabilities that can be discovered by analyzing the response to a single HTTP request.

Detectify crowdsources the most latest security research from ethical hackers and distributes it as payload-based tests to security engineers and application owners, allowing them to regularly check their applications for vulnerabilities.

On Github, you can find the Ugly Duckling vulnerability scanning tool, which is open-source and MIT-licensed. The Ugly Duckling web scanner is not limited to ethical hackers in Detectify's Crowdsourced network, but is open for all to use for bug bounty hunting, security research, or penetration testing, in keeping with the company's belief in a collective approach to security.

About Detectify


Detectify believes that everybody should have access to world-class cybersecurity knowledge. Detectify automates the most latest security findings from the world's top ethical hackers and delivers them to security defenders and web application teams. Detectify's security tools, which are driven by a network of hand-picked ethical hackers, check your application outside the OWASP Top 10 and help you keep on top of cloud threats.

Spotlight

Insights for CISO on Their ASM Journey The idea of an attack surface is not new, but how organizations and CISOs need to view their attack surfaces should be updated. Traditionally, IT has looked at an organization's attack surface from the inside out, asking questions like “What are the assets that connect to the wider internet

Spotlight

Insights for CISO on Their ASM Journey The idea of an attack surface is not new, but how organizations and CISOs need to view their attack surfaces should be updated. Traditionally, IT has looked at an organization's attack surface from the inside out, asking questions like “What are the assets that connect to the wider internet

Related News

DATA SECURITY, PLATFORM SECURITY, SOFTWARE SECURITY

DoControl SaaS Security Platform Now Offered Through GuidePoint Security

prnewswire | April 21, 2023

DoControl, the no-code Software as a Service (SaaS) security company, is proud to announce its partnership with GuidePoint Security, a leading cybersecurity solutions provider, which aims to provide a comprehensive cloud security solution to protect customers' data and applications in a rapidly evolving digital landscape. DoControl's innovative SaaS security platform allows businesses to monitor and control their cloud data with unparalleled accuracy and granularity. The platform is designed to meet each customer's unique requirements, providing customized, comprehensive, and scalable SaaS security solutions. With this partnership, GuidePoint Security customers will be able to manage their SaaS security risks more efficiently and effectively through better visibility into and control over their data. Citing DoControl's recently released study, "The SaaS Security Threat Landscape Report," John Chester, DoControl's VP of Sales, notes, "The average employee from companies of all sizes have shared, inadvertently or not, 2,246 company assets outside their organizations. Much of this is confidential or proprietary data. DoControl provides visibility into exactly who has access to data, and where it has gone." Justin Iwanasin, Director, New and Emerging Vendors at GuidePoint Security, says, "As organizations are rapidly moving to the cloud, the need to secure business applications for SaaS applications is ever present. It is important that customers are looking at ways to secure the data with a SaaS data security program and implement solutions that can help them understand that risk." To learn more about DoControl, visit the website or request a demo. DoControl will also be onsite at the upcoming RSA Conference in San Francisco from April 24–27, please schedule a time to chat with us, or visit our booth #4139 in Moscone South. About DoControl Founded in 2020 and headquartered in New York, DoControl is an automated data access controls platform for SaaS applications, improving security and operational efficiency with ease for enterprises. DoControl is backed by investors Insight Partners, StageOne Ventures, Cardumen Capital, RTP Global and global cybersecurity leader CrowdStrike's early-stage investment fund, the CrowdStrike Falcon Fund. The company's leadership team combines product, engineering and sales experience across cybersecurity, enterprise and SaaS innovators. For more information, please visit www.docontrol.io. Follow us on Twitter and LinkedIn. About GuidePoint Security GuidePoint Security provides trusted cybersecurity expertise, solutions and services that help organizations make better decisions that minimize risk. Our experts act as your trusted advisor to understand your business and challenges, helping you through an evaluation of your cybersecurity posture and ecosystem to expose risks, optimize resources and implement best-fit solutions. GuidePoint's unmatched expertise has enabled a third of Fortune 500 companies and more than half of the U.S. government cabinet-level agencies to improve their security posture and reduce risk. Learn more at www.guidepointsecurity.com.

Read More

DATA SECURITY, PLATFORM SECURITY, SOFTWARE SECURITY

WinMagic partners with Lumen Technologies to offer mission-critical cybersecurity solutions

Globenewswire | May 29, 2023

WinMagic Inc. (the "Company" or "WinMagic") is proud to announce that it is now a member of the Lumen Technologies (NYSE: LUMN) Channel Partner program. WinMagic offers powerfully simple and seamless authentication and encryption solutions that use the endpoint to deliver unbeatable security. This partnership will enable the Company to leverage Lumen’s extensive network and cloud and security solutions to expand capabilities to existing WinMagic customers and enter new markets through access to Lumen’s comprehensive partner program. As a Lumen Channel Partner, WinMagic can draw on Lumen’s integrated portfolio of global solutions to enable greater product adaptability regarding network services, infrastructure and applications. Lumen’s solutions and infrastructure, combined with WinMagic’s innovative authentication and endpoint encryption products, provide customers with a complete portfolio of cybersecurity solutions. “This is a game-changer for customers. Paired with WinMagic’s next-gen security, Lumen’s edge compute infrastructure and portfolio of advanced solutions gives customers real power,” said Sara Seegers, regional vice president of indirect channel sales at Lumen. “Customers want to scale their operations as quickly as possible. They know this is the key to increasing their efficiency and growing their business. Together, we can bring results that exceed customer expectations.” "This partnership with Lumen brings users WinMagic’s most secure authentication technology to date with an incredible user experience," said Rahul Kumar, vice president of sales at WinMagic. "Our MagicEndpoint provides real-time, continuous authentication of the user plus endpoint device without requiring any user action. This strategy delivers the ‘always verify’ element of zero-trust security. We're excited to extend our next-gen security solutions to the Lumen network." WinMagic’s MagicEndpoint passwordless authentication solution delivers preboot authentication, Windows login and passwordless authentication to online services and applications. The software’s zero-trust security design complements government and commercial environments while delivering an end-to-end secure user experience. SecureDoc endpoint encryption enables organizations to secure all their data at the same time, keeping it safe from cyberattacks without disrupting productivity. About Lumen Technologies Lumen connects the world. We are dedicated to furthering human progress through technology by connecting people, data and applications — quickly, securely and effortlessly. Everything we do at Lumen takes advantage of our network strength. From metro connectivity to long-haul data transport to our edge cloud, security and managed service capabilities, we meet our customers' needs today and as they build for tomorrow. For more information, visit www.lumen.com. About WinMagic WinMagic is a leading developer of cybersecurity solutions that, for 25 years, has raised the bar for endpoint encryption. Over 2,500 businesses and government agencies trust the company with over 3 million active licenses globally. The WinMagic authentication and encryption suite protects your company's data, on-premises or in the cloud. WinMagic delivers a seamless authentication and encryption experience that increases productivity while protecting users and data. For more information, visit www.winmagic.com.

Read More

DATA SECURITY, ENTERPRISE SECURITY, SOFTWARE SECURITY

Barracuda launches enterprise-grade SASE platform for businesses and MSPs

Prnewswire | May 18, 2023

Barracuda Networks, Inc., a leading provider of cloud-first security solutions, today announced a new platform called Barracuda SecureEdge, a SASE solution that helps make hybrid and remote work easier to secure. Barracuda SecureEdge integrates Barracuda's Secure SD-WAN, Firewall-as-a-Service, Zero Trust Network Access, and Secure Web Gateway capabilities. Using a single-vendor solution enables businesses and MSPs to strengthen their security posture and help to reduce costs. Delivered as a service, Barracuda SecureEdge secures users, sites, and IoT devices, is easy to manage and connects any device, application, and cloud/hybrid environment. According to Gartner®, "By 2025, 80% of enterprises will have adopted a strategy to unify web, cloud services, and private application access using a SASE/SSE architecture, up from 20% in 2021."1. Using a single-vendor SASE solution like Barracuda SecureEdge can lead to cost reduction and stronger security. It reduces the number of systems to purchase and lowers internal and external support costs. Additionally, improved security can be achieved and there are fewer risks of misconfigurations and interoperability issues that can happen between separate security systems. Today, cloud migrations, remote work, and the need for anytime, anywhere access makes a SASE solution essential. The new Barracuda SecureEdge platform makes hybrid and remote work easier to secure, strengthens security, improves performance, and reduces management complexity. Key use cases for customers include: Multi-layered network protection: Offers consistent policy enforcement for in-office and remote users, delivered from the cloud, on-premises, or in a hybrid environment. Protection against web-based threats: Protects against web-based threats, regardless of the location of the user. Secure remote access: Provides secure remote access for any user to any application and workload, with Zero Trust Access. Optimized cloud and application access: Facilitates optimized cloud and application access from any user or site by providing Secure SD-WAN capabilities. SecureEdge facilitates direct access to applications for remote users with Zero Trust enforcement, URL filtering, and traffic optimization to make the most of shared internet lines. Key highlights of the new platform are: Control and visibility: Provides a high level of control and visibility into user-generated traffic at each endpoint. Selective security inspection enables businesses and MSPs to maintain control over critical application traffic. Intent-based networking: Simplifies operations by applying intent-based networking principles across the entire platform, including SD-WAN and secure application access. Multiple levels of security and connectivity: Includes multiple levels of security and connectivity with auto-secure SD-WAN over all available uplinks. Built-in optimization: Built-in last-mile optimization uses advanced Forward Error Correction algorithms to mitigate packet loss and optimize network traffic. These algorithms are applied when connecting office locations as well as endpoints. Barracuda SecureEdge is available for customers, partners, and MSPs. Please see the following for more information: https://www.barracuda.com/products/network-security/secureedge "Barracuda's new SecureEdge platform provides businesses and MSPs with a SaaS solution that makes remote and hybrid work easier to secure and helps to improve security and reduce costs," said Tim Jefferson, SVP, Engineering for Data, Network, and Application Security at Barracuda. "With SecureEdge, Barracuda offers a cloud-native SASE platform that enables customers to control access to data from any device, anytime, anywhere, and allows security inspection and policy enforcement in the cloud, at the branch, or on the device." "The new SecureEdge platform from Barracuda, which offers a single solution that includes secure SD-WAN and remote access for users, will enable us to extend security features to the endpoint and make remote and hybrid work easier to protect," said David Peppard, Chief Technology Officer with SuperCare Health. "By implementing device-level security and inspecting suspicious or endangered network traffic on the SD-WAN device or in the cloud, we are confident that we can achieve a dramatically increased level of security." "Barracuda's new SASE service, SecureEdge is an innovative platform that provides enhanced security capabilities to the endpoint and facilitates the protection of remote and hybrid workforces," said Sascha Koecher, Technical Team Lead, Security & Network at Digit Solutions. "SecureEdge boasts a simple rollout and intuitive management, all accessible through a single portal. We are confident that our mutual customers will appreciate the benefits of the platform and enjoy peace of mind knowing their networks are protected against today's most advanced cyber threats." About Barracuda Networks At Barracuda, we strive to make the world a safer place. We believe every business deserves access to cloud-first, enterprise-grade security solutions that are easy to buy, deploy, and use. We protect email, networks, data, and applications with innovative solutions that grow and adapt with our customers' journey. More than 200,000 organizations worldwide trust Barracuda to protect them — in ways they may not even know they are at risk — so they can focus on taking their business to the next level. For more information, visit barracuda.com. Barracuda Networks, Barracuda and the Barracuda Networks logo are registered trademarks or trademarks of Barracuda Networks, Inc. in the U.S. and other countries. Other trademarks are the property of their respective owners.

Read More