Truesec acquires Digifort - secures a leading platform for next generation web-security automation

2018-03-26

As a step to secure its position as the future leader in Cyber security services, TrueSec acquires the renowned digital security firm Digifort. Digifort has developed a unique automation platform for web vulnerability and threat detection. As a first result of this acquisition, TrueSec’s customers will gain access to a new security service - TrueSec Inspect, a state-of-the-art vulnerability detection and threat exposure discovery automation platform for internet facing web assets.

“The combination of TrueSec's expertise in vulnerability research and Digifort’s advanced automated scanning technologies gives us a unique position to maintain our position as market leader in the new world of managed security services”, states Peter Galli, CEO TrueSec.

Truesec Inspect has the capability to continuously detect and manage any vulnerabilities within OWASP Top 10, Sans Top 25 and other unknown vulnerabilities. Besides vulnerability detection the service also detects common usability, performance and robustness issues.

Next generation security automation meets leading cyber security experts

Using a hybrid approach, leading Truesec vulnerability researchers and penetration testers provides continuous trimming improvement to the platforms machine-learning and deep intelligence capabilities. By integrating the experience and knowledge from a continuously increasing number of more than a 1000 advanced penetration tests and red-team assignments, the service can detect and manage any current and future vulnerabilities and threats.

“Truesec are the leading experts of penetration testing, vulnerability research and threats intelligence, Digifort has a unique platform for vulnerability automation and management, by combining these capabilities into one managed service offering we can provide our customer with the most excellent detection capability to date. The capability to continuously manage vulnerabilities and threats is a great improvement since we can now provide our customers with results 24/7, 365 days a year instead of one-shot static results without losing quality” Marcus Murray, VP Cyber Programs, TrueSec.

Security specialist Markus Millbourn leads the project

Former Digifort CEO Markus Millbourn brings his expertise to the implementation, management, and ongoing development of the service. Markus has more than 15 years of experience with application security and a deep knowledge of how to manage the development of different services and tools for the IT security industry.

As customer web applications are major targets for hacker attacks and intrusion attempts today, companies must stay updated on the latest security trends and attack techniques. Given the rapid development pace, many companies have difficulties following up on all updates and news. Security services like TrueSec Inspect are invaluable and of great help. My driving force is to assist customers in regard to security issues and services so that they can focus on their service activities instead.”, Markus Millbourn.

If you want to get in touch with Markus or learn more about TrueSec Inspect, send him an email or give him a call at +46 8 10 00 10.

For more information see: https://www.truesec.se/security/secure-website-truesec-inspect/

Questions about this post? Mail us!

Interested in our services?

Fill out your contact details and we'll send you the installation instructions.


Easily share your scan reports

2017-09-08

A lot of companies are using our scanner to regularly inspect their webpages for security vulnerabilities and different misconfigurations. Many of them have outsourced their development and would like to share the findings of our scanner in an easy way.

With our latest update it is now possible to share reports in a secure way and can in a easy way the reports to consultants to get a overview of the result and to be able to find out what actions are needed to fix the findings. With this new feature share the report so that the receiver can read and see the findings in an interactive way without having access to other reports or information detected our service.

Contact us to see an example of how a shared report can look like

Questions about this post? Mail us!

New feature in Triggerfish: Active vulnerability detection

2017-06-20

Companies today are exposed to daily attack attempts where attackers use automated tools to detect vulnerabilities. These tools allow an attacker to gain access to confidential customer information. The automatic tools these attackers use are becoming more sophisticated, which means that a vulnerability can be detected within hours of a release.

The same functionality is now introduced in Triggerfish. This allowsy you to automatically scan your website to identify the same security vulnerabilities that an attacker would discover. With the help of this active vulnerability detection, you can quickly get an overview over the security of your website, and fix detected vulnerabilities before an attacker has the opportunity to exploit them. The result of the automated scans will be displayed in our portal.

Read more about our scanner

Triggerfish scanner

Questions about this post? Mail us!

Prepare your application for GDPR with Triggerfish

2017-03-28

Much is being spoken about the General Data Protection Regulation, GDPR, which from 25th of may will regulate the handling of personal information in Sweden. It replaces Personuppgiftslagen (PuL) and will require extensive changes to organisations and businesses. Violating GDPR may result in high penalties, up to four percent of a companys turnover or maximally 20 million euro.

Detect and report incidents in time

One of the new requirements is that if there is a security incident involving personal data, such as a hacking or accidental loss of personal data, the incident must be documented and reported within 72 hours. In some cases, if for example there is a risk of identity theft or fraud, the exposed users need also be informed. To live up to the new requirements it is important that organizations and companies that process personal data have sufficient procedures and tools in place to detect, report and investigate incidents.

With the help of the monitoring service Triggerfish you discover incidents against your website and can report them in time.

Triggerfish is a monitoring service for websites which provides you a thorough understanding of what is happening on your web applications. The service detects data incidents such as ongoing attack attempts but also security flaws that attackers can exploit to gain access to confidential information. Triggerfish also alerts when your webapplication is used in an abnormal way, which is often a sign of an ongoing attack attempt.

Advantages of Triggerfish

  • Get information about security incidents and ongoing attack attempts in real time.
  • Get to know if an attacker managed to access any confidential information.
  • Get knowledge and gives the opportunity to examine in detail what the attacker or users have done.
  • Provides information about the suspicious activity on the website which often is a sign of an ongoing attack attempt.
  • Adaptable to different web applications and functionality.
  • Automatic review of your webapp to regularly detect security vulnerabilities and provide recommendations to increase your level of security.

Contact us to hear more about how Triggerfish can help you to meet the technical requirements regarding GDPR

Questions about this post? Mail us!

Zero-day detected in Apache Struts 2

2017-03-10

Struts is a popular open source framework for building Servlet/JSP based web applications. The vulnerability (CVE-2017-5638) is a remote code execution bug that affects the Jakarta Multipart parser in Apache which is used for uploading files. It allows an attacker to perform an unauthenticated remote code execution by crafting a special Content-Type value in an HTTP request.

The vulnerability is fixed in the latest version of Apache Struts 2. If you are using Jakarta-based file upload Multipart parser, upgrade to Apache Struts version 2.3.32 or 2.5.10.1 or higher.

In the last 2 days our web monitoring service Triggerfish has detected an increasing number of attack attempts where automated scanners are looking for affected web pages.

Attacks detected by Triggerfish

Questions about this post? Mail us!


Interested in our services?

Fill out your contact details and we'll send you the installation instructions.