Security-Database

28/11/2016

Intensively testing our new PSR2 and PSR4 Code base. Will be v3 proof. Update will be soon in production.

06/10/2016

Rewriting lot's of our code to be PSR-2/PSR-4 compliant. Ouch ;) Need moral support ;) Really.

06/09/2016

Back to business

25/08/2016

Yeah 2000! Thanks to all!

28/07/2016

Wow! Tricky!!

We audited Pornhub, then PHP and broke both. In particular, we have gained remote code ex*****on on pornhub.com and have earned a 20.000$ bug bounty.

22/07/2016

Working on full implementation. A little bit tricky. Need to have sometimes and and propagate the right one between alerts...

28/06/2016

https://www.security-database.com/toolswatch/Handle-of-the-CPE-Deprecated.html

This update is one of our biggest ’technical’ updates. We will now fully handle the CPE Deprecated Dictionary made by NVD. Thousand lines of codes, tests, checks, re checks and more. Again, our data quality, but also our alerts, will be greater.But what is "Deprecated CPE Dictionary."It means that w...

10/06/2016

CPEDict 2.2 and 2.3 needs a cleanup… For exemple proxysg have 3 Parts (o/h/a), and in 2.3v, min 2 names proxysg and sgos … Grrr

08/06/2016

Seeing the light, but have underestimated the work to implement Deprecated CPE. Specially when we needed to update users CPE. Lot's of test case. Everything is done. Testing and testing again before Production!

17/05/2016

Reply from NVD: cpe:/h:::::~~~x86~~ is a good CPE and comply with the standard but are not intended to be included in the official CPE dictionary, but can be used by security tools to identify potentially vulnerable platform configurations.

Ok, it comply, but really? It mean a vulnerability affect all x86 hardware? We will not include this one ;)

15/05/2016

Working hard on the CPE Dictionary. We have found some incoherence like cpe:/h:::::~~~x86~~ or cpe:/o:linux or cpe:/o:microsoft. Improving our service to pass old Deprecated CPE to new CPE. Not a lots of code to rewrite, but a lots of verification ;)