Digital Security Research Group Performance within 2008-2009

Dec. 25, 2009 - PRLog -- The DSec company experts have been working upon retrieval and analysis of web application and system vulnerabilities and their publishing on the problem-oriented portals since 2001.
DSecRG released its first vulnerability report on December 25, 2007. From then on DSecRG stands apart from The DSec Company and over 2 years it have established long-term partnership with the largest computer software producers and due to its work acquired worldwide recognition in information security area.
DSecRG outcome:
Over 2008 41 security advisories were written and published, meanwhile the number of vulnerabilities amounted to 225.
Over 2009 64 security advisories with approximately 100 vulnerabilities detected were written, 37 were published.
In the year of 2009 DSecRG was engaged into corporate web-application analysis. During this year such leading computer software companies as SAP, Oracle, HP, SUN, IBM, Adobe and others officially thanked DSecRG researchers for the vulnerabilities detected in their products and their patching. Additionally several vulnerabilities found out in 2009 have got into the HP bimonthly list of TOP 5 most critical web-application vulnerabilities for 8 times. Moreover, vulnerabilities were detected not only in software products, but also in popular weblog resources such as Livejournal.com (http://dsecrg.ru/pages/news/show.php?id=18) as well as securityfocus.com (http://dsecrg.ru/pages/news/show.php?id=9), a worldwide known security resource.
Remote banking system security analysis is one of the DSecRG work priority areas. Since 2009 DSecRG has established cooperation with Russian Europay Members Association and regularly publishes a range of vulnerabilities detected in the bank-clients of the main Russian vendors on their private forum website.
During 2009 a variety of valuable research projects in ERP and ISMS security were completed, DSecRG researchers assisted in Metasploit (1,2,3) designing, for what were thanked by its developers. This year was also marked by successful presentation at The T2 .fi International Security Conference.
Among all DSecRG achievements the book release “Oracle Security from the Eye of the Auditor: Attack and Defense” by Alexander Polyakov, DSecRG administrator, deserves special attention. Pete Finnigan и Paul Wright, the leading world experts in this area, have reviewed this book (1,2,3).
Due to work carried out lately by DSecRG researchers great progress was made thus the Research Center became widely recognized on both Russian and world security markets. “Next year we are planning to optimize DSecRG operation. Therefore we constantly contribute to the expansion of partnership network and formation of joint cooperation among advisors, developers, integrators and users of various systems. Application and system vulnerability analysis enabled us not only identify present-day information security problems but also define requirements for further research implementation. Recently we have began to give much attention to financial sector mainly dealing with detection and solution of problems in remote banking system area” – commented A.Polyakov.

# # #

Digital Security is one of the leading IT security companies in CEMEA, providing information security consulting, audit and penetration testing services, risk analysis and ISMS-related services and certification for ISO/IEC 27001:2005 and PCI DSS standards. Digital Security Research Group focuses on web application and database security problems with vulnerability reports, advisories and whitepapers posted regularly on our website.