Case Study
Code Review
One of the UK's largest financial advisory organisations was experiencing technical difficulties and suspected they had been compromised. They wanted an external company not only to run a penetration test but to take it a step further and run a code review to assure their security. After a lengthy procurement process, the company discovered ProCheckUp were one of the few companies that offered a joint penetration testing and code review service.
ProCheckUp discovered that an attacker had managed to upload a script to one of the websites; the website was then used to send malicious emails.
During testing, ProCheckUp identified various vulnerabilities, including the following:
- File retrieval / remote file inclusion / execution
- SQL injection
- Restricted functions publicly accessible
- Login forms publicly accessible
ProCheckUp listed all the vulnerabilities in a detailed report, which included an easy-to-understand management summary. A meeting was set where ProCheckUp discussed every vulnerability and offered advice to remediate them.
All issues were fixed following ProCheckUp's guidelines, and the large financial organisation has not been compromised since. ProCheckUp are still used on an annual and project basis to ensure the company's security.
Contact Us to discuss your specific code review needs.
