Is automated vulnerability testing enough?


It wasn’t enough for Equifax.  In today’s cybersecurity environment, you’ve got to think like a black hat hacker and protect your infrastructure from the techniques used not just the vulnerabilities themselves.

The Apache CVE security advisory was released on March 6th, the exploit for the vulnerability 1 day later, and Equifax was penetrated on March 10th, 3 days later.  Yes, retesting to ensure ALL systems were patched and ensuring scanners are working correctly would have helped, but it took until July 29th for Equifax to discover they had been hacked.  Their processes and software definitely let them down.

Why not have white hat hackers verify systems have been correctly patched and test for flaws manually?  Well, in a word, it can be expensive.  One new company, Appsecuri, is doing it very economically.  They automate where it makes sense, with bots that crawl for the latest vulnerabilities, exploits and malware, but manually apply those hacks because that’s how a black hat hacker will do it.

Using manual hacking techniques they can test multiple vulnerabilities and malware together to see if by combining those hacks they can escalate the severity level of a vulnerability.

By using certified hackers from Asia testing is performed much more economically. Appsecuri has found previously unknown vulnerabilities in Google, Facebook, Microsoft, eBay and Sony with their methods, and for a limited time we will test your infrastructure for FREE, pay only if we find critical or high severity vulnerabilities.

A glossary look at the effect of Ransomware

After the things we heard about WannaCry ransomware earlier this year, a lot of people have started ...

Read More

Top US Travel Site Secured From IDOR Vulnerability Before Exploitation

Databases often hold the backbone of an organisation; its’ transactions, customers, employee info. I ...

Read More
Here you'll find all the latest industry news and research by the experts at Appsecuri.





Congratulations. Your message has been sent successfully.
Error, please retry. Your message has not been sent.

Request our free 24-Hour penetration test and get vulnerability report.

  • Evaluate skills before any type of engagement with Appsecuri.
  • Level-1 Testing with manual approach in addition to static/dynamic.
  • Get a clear picture of root findings with mitigations in the report.
  • 90% of the time we find unknown hidden critical/high vulnerabilities.

Leave a Reply

Your email address will not be published.