    Author: Balwurk

    Application Security: A Zero Trust Approach

    Summary: The summary underscores the principles and key components of the Zero Trust approach in cybersecurity. Beginning with the axiom "Never trust, Always verify," it explores benefits such as a proactive stance and enhanced visibility and control. It details the…

    Partnership between Balwurk and IriusRisk

    We are delighted to announce that we have formalised our strategic partnership with IriusRisk. This will allow us to enrich our service portfolio and offer, strengthening our capacity for a fast and scalable response in providing Threat Modeling services by design and by…

    CVE-2023-27168 – Unrestricted File Upload with Remote Code Execution

    Context: During an authorised penetration testing assessment conducted on Xpand IT’s Write-Back software, Balwurk’s security team found multiple security vulnerabilities, first disclosed to the customer and then responsibly submitted to the MITRE CVE program. The discovered vulnerability allows attackers to…

    Technical Spotlight – Improper Verification of Cryptographic Signature

    Context: During an authorised penetration testing assessment of Xpand IT Write-Back software, Balwurk's security team found a vulnerability that allows an attacker to craft their own Write-Back commercial licenses, unlocking the software's full features without paying for it. What is…

    CVE-2023-27172 – Weak JWT secret

    Context: During an authorised penetration testing assessment conducted on Xpand IT's Write-Back software, Balwurk's security team found multiple security vulnerabilities, first disclosed to the customer and then responsibly submitted to the MITRE CVE program. Balwurk discovered that the JSON Web…

    CVE-2023-27170 – Improper Limitation of a Pathname to a Restricted Directory

    During an authorised penetration testing assessment conducted on Xpand IT's Write-Back software, Balwurk's security team found multiple security vulnerabilities, first disclosed to the customer and then responsibly submitted to the MITRE CVE program. The discovered vulnerability allows an attacker to…

    Partnership between Balwurk and Check Point

    Balwurk, a consultancy company dedicated to providing application security services, is moving steadily forward in its quest to deliver excellence in AppSec & Cloud Security. To achieve this goal, we are pleased to announce our recent partnership with Check Point…

    CVE-2023-27169 – Use of Hard-coded Cryptographic Key

    During an authorised penetration testing assessment of Xpand IT Write-Back software, Balwurk's security team found multiple security vulnerabilities, first disclosed to the customer and then responsibly submitted to the MITRE CVE program. The discovered vulnerability allows an attacker to retrieve…

    Partnership between Balwurk and Synopsys

    We are proud to announce the recently formed partnership with Synopsys, a global leader in Application Security (AppSec). By combining their expertise, the two companies are dedicated to helping organizations establish trust in their software by taking a holistic approach…

    How is Application Security addressed in Quadro Nacional de Referência para a Cibersegurança (QNRCS)?

    What can be done to improve application security within the QNRCS? That's what we intend to answer in these lines. At the end of this article, you will know where to find the essential information to drive and maintain your…