Tuesday, June 6, 2017

ThunderScan Discovered Multiple Vulnerabilities in Google API Client Library for PHP

Hi,

During a security audit of the Google APIs Client Library for PHP, multiple XSS vulnerabilities were discovered using the DefenseCode ThunderScan SAST application source code security analysis platform. The Google API Client Library for PHP is designed for PHP client-application developers. It offers simple, flexible, powerful access to many Google APIs such as Google+, Drive, or YouTube.

The Cross-Site Scripting vulnerability can enable an attacker to construct a URL that contains malicious JavaScript code. If the administrator of the site makes a request to such a URL, the attacker's code will be executed, with unrestricted access to the site in question. The attacker can entice the administrator to visit the URL in various ways, including sending the URL by email or posting it as part of a comment on the vulnerable site or on another forum. Once the unsuspecting user has visited such a URL, the attacker's JavaScript can proceed to send requests to the API on behalf of the victim.

The full advisory can be read at the following URL: http://www.defensecode.com/advisories/DC-2017-04-012_google-api-php-client_Advisory.pdf

Regards,
DefenseCode Team

DefenseCode Is Looking for New Partners and Resellers

To build on its rapid growth, DefenseCode L.L.C is currently looking to expand its world-wide network of partners and resellers for our software products and services. If you are interested in a partnership with DefenseCode L.L.C for distribution of the world's top-class security solutions for Web Security Scanning and Static Source Code Security Analysis, as well as our security consulting services, we would be glad to hear from you.

Potential partners and resellers are encouraged to contact us by e-mail at partners@defensecode.com. We are looking forward to our new partners and more exciting business opportunities.

Regards,
DefenseCode Team

Stealing Windows Credentials Using Google Chrome

Hi,

Check out our new whitepaper about stealing Windows credentials using the most popular browser today - Google Chrome.

URL:
http://www.defensecode.com/news_article.php?id=21


Regards,
DefenseCode Team