Latest Blog Entries

Drive By ONT Botnet with IRC C&C
Demonstration of a botnet created purely by using embedded devices which are controlled remotely through vulnerabilities exploited from a webpage.

(IN)secure session data in CodeIgniter
A security analysis on how web applications created with the PHP framework CodeIgniter handle user sessions.

Panoptic - A tool to exploit path traversal vulnerabilities
An overview of Panoptic, an open source penetration testing tool that automates the process of search and retrieval of common log and config files through path traversal vulnerabilities.

Backdoor In Optical Fiber Device Alcatel-Lucent
The newest optical fiber devices offered by the ISP Infinitum have a backdoor which allow for full administration of these devices. This backdoor account is hidden by nature and does not allow for the password to be changed.

Latest News

Jun 18, 2014
Websec present at Campus Party 2014

Websec will be participating with four conferences at the largest Campus Party ever held, which will take place from the 24-29 of June in Guadalajara, Mexico.

Oct 01, 2013
Websec at DerbyCon 2013
A summary of Websec's participation at DerbyCon 2013 in Louisville, Kentucky.

Penetration Services

A penetration test simulates an attack from outside and provides a rigorous examination of potential and actual vulnerabilities, including software flaws, faulty system configurations, insufficiently robust countermeasures, and more.

Don't wait until it's too late – if an actual attack is your first penetration test, the losses you sustain will be all too real!

Read more

Source Code Auditing

A source code audit is a systematic examination of the source code of your Web application, in order to reveal vulnerabilities that can lead to potentially debilitating breaches of security, whether accidental or malicious in nature.

A Websec source code vulnerability audit is the first line of defense in keeping you safe and secure.

Read more

Security Monitoring

When your network suffers an attack, you need to know as soon as possible – any delay can result in a data breach, damage to your network, and losses that could prove to be catastrophic.

The automatic detection abilities of a monitoring service can provide the difference between stopping an attack as it happens, and being vulnerable to a huge loss.

Read more

Enterprise Training

Simple employee negligence accounts for nearly nine in ten occurrences of data breach in the workplace. An innocent mistake can result in massive losses, not only of money or data, but corporate reputation and customer loyalty.

Network security is too important to leave to chance, get your employees trained in security awareness today.

Read more