• Website security is more than a tally of the latest vulnerabilities that may threaten a company’s websites. It’s about managing risk. The ramifications for companies who do not adequately protect and secure their websites are clear: Loss of data, malware infection, loss of consumer confidence and failure to meet regulatory requirements. No company can afford the black mark of a website hack.
  • Headquartered in Santa Clara, California, WhiteHat Security is the leading provider of website risk management solutions that protect critical data, ensure compliance and narrow the window of risk. Founded in 2001 by Jeremiah Grossman, a former Yahoo! information security officer, WhiteHat serves hundreds of customers in e-commerce, financial services, information technology and healthcare including many of the Fortune 1000. WhiteHat Sentinel, the company’s flagship product family, was launched in 2003.

    WhiteHat Sentinel is the most accurate, complete and cost-effective website vulnerability management solution available. It delivers the visibility, flexibility, and control that organizations need to prevent website attacks.

  • The WhiteHat Solution - WhiteHat Sentinel: WhiteHat Sentinel is the industry's first continuous vulnerability assessment and management service for websites. It is the only solution in the market today that provides timely, comprehensive and verified vulnerability information for websites.

 

  • Leading enterprise and government organizations worldwide rely on Imperva solutions to ensure data integrity and to prevent fraud, abuse and data theft. Imperva's solutions provide sensitive data discovery, activity monitoring, audit and security for a wide range of business applications and databases.
  • Imperva achieved 30 percent growth in 2009 over 2008, finishing a strong fiscal year 2009 with the largest quarter in company history. The company's success was driven by significant success in global growth, increasing the customer count to more than 1000 enterprises.
  • Imperva analyzed 32 million passwords to identify common patterns hackers may use to infiltrate accounts. The results were summarized in a report written by Imperva’s Application Defense Center (ADC), which can help consumers and enterprises implement better passwords to better protect themselves from cyber attack.
  • Imperva, the Data Security leader, enables a complete security lifecycle for business databases and the applications that use them. Over 4,500 of the world’s leading enterprises, government organizations, and managed service providers rely on Imperva to prevent sensitive data theft, protect against data breaches, secure applications, and ensure data confidentiality. The award-winning Imperva SecureSphere is the only solution that delivers full activity monitoring from the database to the accountable application user and is recognized for its overall ease of management and deployment. For more information, visit www.imperva.com.
2010 Jan-22

PacketFocus warns of spear phishing vulnerability - Penetration testing company PacketFocus has experimented with a spear phishing attack -- and found that a wide range of e-mail services and appliances failed to filter it.

2010 Jan-11

PacketFocus spear phishing experiment succeeded due to the difficulty in detecting the messages - The spear phishing experiment, in which a fake LinkedIn invitation was sent to specific users, had such a high rate of success because this sort of message is hard to detect. - Dan Raywood

2010 Jan-07

Email services that failed to block spear phishing message revealed - Following a spear phishing experiment that saw smartphones fall victim to an email claiming to be from Bill Gates, the creator of the experiment has revealed the email services that failed to block the message.

2009 Oct-29

Major smartphone brands fall to spear phishing experiment - Smartphones are falling to spear phishing campaigns after they receive a fake LinkedIn invitation from 'Bill Gates'. - Dan Raywood

2010 Jan-01

Spear Phishing Experiment Shows Spoofed Social Media Email Bypasses Most Email Filters... Tips for Staying Safe from Similar Attacks

2009 Jan-22

Owasp5010 - Joshua Perrymon - Spearphishing And The Owasp Live CD - Recorded at the Open Web Application Security Project (www.OWASP.org) NYC Conference on Sep 24, 2008 – Content produced by www.MediaArchives.com

2007 Jun-14

RFID: Security Before Operations - Josh Perrymon, Packet Focus - RFID Connections interviewed Josh Perrymon, CTO of Packet Focus (RFID Audits Division) on RFID Security issues.

2007 Jun-26

New RFID security threat: snooping tagged boxes loaded on trucks - Forbes.com is reporting researchers from PacketFocus Security Solutions and Atlas RFID Solutions used standard tag readers and antennas to read the electronic product code (EPC) labels on boxes loaded into an 18-wheel tractor-trailer rented from a local freight company. They ran the penetration test from outside the truck to learn what information could be pulled from the tags, which eventually will replace the ubiquitous bar codes used today.

2007 Sept-17

SAN FRANCISCO, Sep. 17, 2007 (KGO) -- The World-Wide Web is as dangerous a place to be as ever. - Then there is RFID crime: radio frequency identification. The security cards that allow you to enter secured areas all work on RFID. Clothing and other large retail stores are replacing bar codes with this new technology, but anyone can buy a reader and scan anything, including some credit cards. Joshua Perrymon owns RFIDAudits.com, an RFID security company owned by PacketFocus.

2009 Jul-06

New Tool And Managed Service 'Penetration-Test' End Users - A security researcher (Joshua Perrymon, PacketFocus CEO) next month plans to release a Metasploit-style hacking tool and a managed service that lets organizations wage realistic and complex email-borne phishing attacks on their end users to gauge their risk of multi layered client attacks.

2010 Jan-05

Spear-Phishing Experiment Evades Big-Name Email Products - The researcher who conducted a successful spear-phishing experiment with a phony LinkedIn invitation from "Bill Gates" has revealed the email products and services that failed to filter the spoofed message -- and that list includes Microsoft Outlook 2007, Microsoft Exchange, Outlook Express, and Cisco IronPort.

2010 Jan-22

The 9 Coolest Hacks Of 2009 - Hackers are always probing for ways to crack new technology, even elements so personal you would never imagine they could be hacked -- like, well, your face. Extreme hacks that hit close to home and we can see in the mirror remind us of just how much technology has infiltrated the everyday, and how fragile it ultimately can be at the hands of the bad guys. (We got #5 for the email research)

2009 Dec-04

Bank Phishing Attacks Snare Few Victims But Tally Major Damage - Live phishing attack data on major banks shows just a small percentage of victims translates into big profits for bad guys and big losses for bank customers (Josh Comments)

2009 Oct-22

LinkedIN With 'Bill Gates' - Bill Gates invited me to join his LinkedIN network. OK, so it wasn't really Bill Gates, but as far as my email system, spam filter, and email client were concerned, it's perfectly normal for Gates to send me a LinkedIn invitation.

2009 Oct-28

iPhone, BlackBerry, Palm Pre All Vulnerable To Spear-Phishing Experiment - Three of the most popular smartphones -- iPhone, BlackBerry, and Palm Pre -- fell victim to a recent spear-phishing experiment that sent users a phony LinkedIn invitation from "Bill Gates," according to the security expert who conducted the research.

2009 Oct-22

Major Secure Email Products And Services Miss Spear-Phishing Attack - A spear-phishing experiment conducted during the past few days by a researcher has netted some disturbing results: Most major enterprise email products and services were unable to detect a fake LinkedIn invitation on behalf of "Bill Gates," which landed successfully in users' inboxes.

2009 Oct-06

Tens Of Thousands Of Email Usernames And Passwords Posted Online By Phishers - Lists containing tens of thousands of stolen email account usernames and passwords have shown up online during the past few days in what researchers say likely came out of multiple phishing attacks. (Josh Comments)

2009 Sept-10

New iPhone Anti-Phishing Feature Fails - The new Apple iPhone OS 3.1 software comes with a new anti-phishing feature for the Mobile Safari browser, but researchers say the filter doesn't work.

2009 Jul-06

New Tool And Managed Service 'Penetration-Test' End Users - New User Attack Framework (UAF) could eventually work with Metasploit's hacking tool, researchers say

2009 Feb-10

PacketFocus Partners With WhiteHat Security In 'On-Demand' Application Security - PacketFocus partners with industry leader WhiteHat Security to offer 100% on-demand security testing for today's most advanced web applications. PacketFocus is now the only IT Security company to offer "on-demand" testing of Network, Application, and Human Layer security (Phishing and Social Engineering Attacks).

2009 Jan-13

New Phishing Attack Targets Online Banking Sessions With Phony Popups - Researchers have discovered a sophisticated, new method of phishing that targets users while they are banking online -- sending phony popup messages pretending to be from their banks.

2008 Oct-08

Financial Crisis Leaves Bank Branches Open to Social Engineering, Targeted Attacks - Heightened concern over the growing financial crisis is making banks more vulnerable to targeted social engineering and spear-phishing attacks, researchers said this week.

2008 Sept-16

Disclosure of Major New Web 'Clickjacking' Threat Gets Deferred - Web security researchers bow to Adobe request for time to patch before releasing proof of concept of newly discovered, massive 'clickjacking' attack (Josh comments)

2008 Jun-30

Cracking Physical Identity Theft - A researcher performing social engineering exploits on behalf of several U.S. banks and other firms in the past year has “stolen” thousands of identities with a 100 percent success rate.

2007 Dec-31

The Five Coolest Hacks of 2007 - Hackers are creative folk, for sure. But some researchers are more imaginative and crafty than others. We're talking the kind of guys who aren't content with finding the next bug in Windows or a Cisco router. Instead, they go after the everyday things we take for granted even more than our PCs -- our cars, our wireless connections, and (gulp) the electronic financial trading systems that record our stock purchases and other online transactions. (We got #3 for RFID Hacking Research)

2007 Nov-01

New Key Management Technology Could Improve RFID Security - A lightweight encryption technology that uses a one-time, self-destructing encryption key will land on RFID chips sometime next year, according to the firm that developed it.

2007 Mar-23

New RFID Attack Opens the Door - Be careful of who walks up to your building and swipes an ID card: New proof-of-concept code will soon be released that lets attackers hack RFID readers and walk right in as if they work there.

2007 Jun-25

Hacking Truckers - Now even truckers will need to worry about RFID security: Researchers say they have discovered that they can scan and hack electronic product code (EPC) labels on products being transported on 18-wheeler tractor-trailers.

2009 Oct-26

Daily Open Source Infrastructure Report for 26 October 2009 - A spear-phishing experiment conducted during the past few days by a researcher has netted some disturbing results: Most major enterprise email products and services were unable to detect a fake LinkedIn invitation on behalf of a very well known philanthropist which landed successfully in users’ inboxes. The CEO of PacketFocus sent a spoofed LinkedIn email to users in different organizations who had agreed to participate in his test.

2008 Jul-02

Department of Homeland Security Daily Open Source Infrastructure Report for 2 July 2008 - A researcher performing social engineering exploits on behalf of several U.S. banks and other firms in the past year has “stolen” thousands of identities with a 100 percent success rate. The hacking director for PacketFocus Security Solutions and chief executive officer of RedFlag Security says organizations typically are focused on online identity theft from their data resources, and do not think about how the same data can literally walk out the door with a criminal posing as an auditor or a computer repairman.

2008 Jul-06

Cyber Risk Report - The Cyber Risk Report is a strategic intelligence product that highlights current security activity and mid- to long-range perspectives. The report addresses seven major risk management categories: vulnerability, physical, legal, trust, identity, human, and geopolitical. Cyber Risk Reports are powered by Cisco Security Intelligence Operations, an advanced security infrastructure that identifies, analyzes, and defends against threats to keep organizations informed and protected.

2008 Oct-23

LinkedIN With 'Bill Gates' - Bill Gates invited me to join his LinkedIN network. OK, so it wasn't really Bill Gates, but as far as my email system, spam filter, and email client were concerned, it's perfectly normal for Gates to send me a LinkedIn invitation.

2009 Oct-22

Risk, Protection, and Access: Mastering Today’s Security Threats
Virtual Event Hosted by InformationWeek and Dark Reading
October 23, 2008 Speaker Panel list

2004 Jul-08

EXPLOIT-

Mozilla Fails to Restrict Access to "shell:"

Joshua Perrymon has reported a vulnerability in Mozilla, Mozilla Firefox, and Mozilla Thunderbird, allowing malicious websites to use Windows "shell:" functionality.