Webapp Security Fengshui (Macau & HK editions)

posted Jun 20, 2011, 8:34 PM by Anthony Lai   [ updated Sep 25, 2012, 4:37 AM ]
We presented our web application security survey in both Hong Kong (27 July), at the HK Convention & Exhibition Center, and Macau (20 July), at Manetic; we were officially invited to give the presentations by HKCERT and MOCERT respectively. Brief reports are attached below.

Aha, some companies and universities have reached out to us asking to change the numbers of findings. We understand that a high number of vulnerabilities found may give people the sense that the site is readily vulnerable. To be frank, as the Knownsec Scanv platform is mature, we are quite sure the numbers could readily reflect that one should put more budget and resources into Web application security. We are still considering whether to change the figures. Under our research philosophy, we don't change the numbers once the report is published. We know that this kind of research is like kicking their backs; hopefully, this would help them to ask for budget from an external independent researcher. As ethical hackers, we have already provided detailed reports to the organizations that requested them.

In addition, we all know this kind of research and survey is offensive to senior management, audit and ops: why do I get many findings when our IT audit reports are all green? It says something about the quality of IT audit, and the IS department should pay more attention to it. Of course, you may think we are breaking someone's rice bowl; however, please think carefully and positively about whether we are breaking their bowls or saving their lives before the real attack strikes.

Meanwhile, we will proceed to the Taiwan region. Taiwan, we are coming! In addition, HK and Macau, we will do it again every 4 months. Please show us, your customers, shareholders and employers, as well as the public, that you have done your homework well instead of repeatedly asking us to mask your name from our report. :-)

In the next report, we will still keep the same assumptions and our offensive style, but there are NO REAL ATTACKS AND EXPLOITS done. Please stay tuned.
Anthony Lai,
Sep 25, 2012, 4:37 AM
Anthony Lai,
Sep 19, 2011, 9:49 AM