High-Tech Bridge Security Research
High-Tech Bridge devotes significant internal resources to continuous security research. Some of the security studies we perform are regularly published in our blog. Vulnerabilities that our security researchers discover almost every week, help software vendors to improve security and reliability of their products. Above 300 large vendors fixed security vulnerabilities thanks to High-Tech Bridge Security Research Lab, including Microsoft, IBM, Novell, McAfee, Sony, HP, Samsung, PHP, OpenOffice, Corel, WordPress, Joomla, OpenX, SugarCRM, MantisBT, e107, MODX, Bitrix and many others.
|520||Security Advisories |
Patch Available Upon Disclosure
|2014 Q3 100%|
|2014 Q2 92%|
|2014 Q1 94%|
|2013 Q4 89%|
|2013 Q3 92%|
|2013 Q2 100%|
Vendor Average Time to Patch
|2014 Q3 21 days|
|2014 Q2 18 days|
|2014 Q1 12 days|
|2013 Q4 8 days|
|2013 Q3 13 days|
|2013 Q2 30 days|
How often should companies conduct web penetration testing? May 26, 2015
Following our previous blog post “How long does website penetration testing take” we received a lot of questions from our customers and partners about the recommended frequency of penetration testing for their web applications. In this blog post we will answer that question.
Drive-by-login attack: the end of safe web April 7, 2015
In this blog post, we are going to share some interesting facts about a new vector of drive-by-download attack that we called ‘drive-by-login’.
How much is your website worth on the Black Market? February 25, 2015
Web applications are becoming a vital part of our everyday life. Almost any application has a web interface, or a web API. Microsoft and Google are moving their flagship products to the cloud accessible and manageable via web interfaces. Even mobile applications interact with web interfaces to send and receive data. Almost any database in the world is connected to a web interface or web application. However, global “webization” has many hidden threats that companies and individuals do not realize. In this blog post we will try to explain why hackers are targeting your website, and how they can make money on it.
RansomWeb: emerging website threat that may outshine DDoS, data theft and defacements? January 28, 2015
More and more people become victims of ransomware, a malware that encrypts your data and demand money to decrypt them. A new trend on the market shows that cybercriminals will now target your website as well to get a ransom payment from you.
How long does website penetration testing take? January 26, 2015
Penetration testing is usually billed by the number of hours the security auditors (pen testers) spend on a project, many of us face the same question: how long does a penetration test take and so how much will it cost? In this blog post we will try to clarify how much time a web penetration test should normally take.