On the one-year anniversary of Heartbleed's announcement, a new report shows that most large companies have not fully addressed the issue. According to a scan of Forbes Global 2000 companies, 74% of those with public-facing systems vulnerable to Heartbleed (that's 1,642 companies) have not taken every step to remediate the problem across all servers. "That's 1,223 of the world's largest and most valuable businesses still exposed to attacks," the report says. (Source: Venafi)
System engineers architect solutions and prepare and monitor the production environments where developers' code is deployed. That production setup can itself introduce vulnerabilities that leave the server exposed to the point where the application's own security no longer matters.
Network device threats include:
- Unnecessary port exposure: processes that are meant to listen only on localhost, e.g., a database, may end up exposed, unauthenticated, on the internet-facing interface;
- Outdated and vulnerable packages: certain packages may not be up to date at deployment time and are then overlooked during monitoring, which can lead to remote code execution, denial of service and other vulnerabilities;
- Unhardened packages: packages are usually not secure in their default configuration. They need to be configured before being used, e.g., remove the web server banner so that the web server and its version cannot be identified. Once the version is identified, cyber criminals can look for known exploits and use the web server as the entry point to compromise the entire server.
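A small host audit of the kind a defender would run to catch the first and third items above, added here as an example; it is not Gauntlet's code and was not part of the original page. It assumes the column layout of `ss -ltnp`, a constructed sample of that output (not captured from a real host), and a per-host list of ports that should only bind loopback, which you would adjust for your own environment.

```python
"""Audit listening sockets and HTTP Server banners for two of the
misconfigurations described above: backend services bound to all
interfaces, and web servers that disclose their version.
Added example; LOCAL_ONLY_PORTS and SAMPLE_SS are assumptions."""
import re
from typing import NamedTuple

# Assumption: ports that should normally listen only on loopback on this host.
LOCAL_ONLY_PORTS = {
    3306: "mysql",
    5432: "postgresql",
    6379: "redis",
    11211: "memcached",
    27017: "mongodb",
}

LOOPBACK = {"127.0.0.1", "::1"}
WILDCARD = {"0.0.0.0", "::", "*"}


class Listener(NamedTuple):
    addr: str
    port: int
    process: str


# Constructed sample in the column layout of `ss -ltnp` (not a real capture).
SAMPLE_SS = """\
State   Recv-Q  Send-Q  Local Address:Port   Peer Address:Port  Process
LISTEN  0       128     0.0.0.0:22           0.0.0.0:*          users:(("sshd",pid=812,fd=3))
LISTEN  0       511     0.0.0.0:80           0.0.0.0:*          users:(("nginx",pid=1021,fd=6))
LISTEN  0       244     127.0.0.1:5432       0.0.0.0:*          users:(("postgres",pid=1304,fd=5))
LISTEN  0       511     0.0.0.0:6379         0.0.0.0:*          users:(("redis-server",pid=1410,fd=6))
LISTEN  0       128     [::]:27017           [::]:*             users:(("mongod",pid=1502,fd=11))
"""

# "Local Address:Port" column: IPv4, bracketed IPv6, or "*", followed by :port.
_ADDR_RE = re.compile(r"^(?P<addr>\[?[0-9a-fA-F.:*]+\]?):(?P<port>\d+)$")
_PROC_RE = re.compile(r'\(\("([^"]+)"')


def parse_ss(text: str) -> list[Listener]:
    """Turn `ss -ltnp` output into Listener records, skipping the header."""
    listeners = []
    for line in text.splitlines()[1:]:
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue
        m = _ADDR_RE.match(fields[3])
        if not m:
            continue
        proc = _PROC_RE.search(line)
        listeners.append(
            Listener(m.group("addr").strip("[]"), int(m.group("port")),
                     proc.group(1) if proc else "?")
        )
    return listeners


def find_exposed(listeners: list[Listener]) -> list[tuple[Listener, str]]:
    """Return local-only services that are bound to something other than loopback.
    A wildcard bind (0.0.0.0 / ::) counts, and so does a specific non-loopback IP."""
    findings = []
    for lst in listeners:
        service = LOCAL_ONLY_PORTS.get(lst.port)
        if service and lst.addr not in LOOPBACK:
            findings.append((lst, service))
    return findings


_VERSION_RE = re.compile(r"\d+\.\d+")


def banner_discloses_version(headers: dict[str, str]) -> bool:
    """True if the HTTP Server header carries a version string such as nginx/1.18.0.
    With `server_tokens off;` (nginx) or `ServerTokens Prod` (Apache) only the
    product name is sent, which this check accepts."""
    return bool(_VERSION_RE.search(headers.get("Server", "")))


if __name__ == "__main__":
    for lst, service in find_exposed(parse_ss(SAMPLE_SS)):
        scope = "all interfaces" if lst.addr in WILDCARD else lst.addr
        print(f"EXPOSED: {service} ({lst.process}) on port {lst.port} bound to {scope}")
    # Constructed response headers, as seen from a client request to each host.
    for hdrs in ({"Server": "nginx/1.18.0"}, {"Server": "nginx"}):
        verdict = "discloses version" if banner_discloses_version(hdrs) else "ok"
        print(f"Server: {hdrs['Server']!r} -> {verdict}")
```

On the sample above the report flags redis (0.0.0.0:6379) and mongodb ([::]:27017) but not postgresql, which is correctly bound to 127.0.0.1; in practice you would feed it the real `ss -ltnp` output and extend LOCAL_ONLY_PORTS with whatever backends the host runs.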
Gauntlet to the rescue
That said, we can help you in many ways, including:
More things you'd like
Our cloud-based platform is:
- REST API oriented: everything you can do through the web interface you can also do through the API, and API keys can be given granular authorization;
- Role-based access control: every user belongs to a group, and permissions are granted to the group down to the level of individual methods and classes;
- Internal testing: we can test your internal applications and servers either over SSH tunnels or by deploying our Virtual Scan Appliance, which performs the scan and is integrated with our platform.
Have a question?
Talk to a nerd! Drop us an email at contact@gauntlet.io and we'll be happy to help :)