Using server security scanners besides BitNinja: consequences, solutions
József Pálfi

Using server security scanners besides BitNinja: consequences, solutions

There are tons of paid/free cloud-based solutions or standalone applications available over the internet that allow the user to check a system’s security level. Depending on the need, people can choose from simple nmap through “blackbox” security assessment tools to a wide range of heavy-weight penetration testing tools. Our approach Here at BitNinja we think that security testing is the given organization’s responsibility. They should create a security-testing strategy and keep it up to date (often with help of an external partner, but it is very important that this is with the responsi...
Read more
New LogAnalysis with 109x speed
Nikolett Hegedüs

New LogAnalysis with 109x speed

New LogAnalysis with 109x speed The former version of SenseLog (which serves our robust LogAnalysis module) has processed the files at the start and observed them if there were any changes in them. It has used a lot of sources for the dates in the log rows. In this version it was necessary because SenseLog had to recognize the changes and had to decide whether it has to to something or not with the changes. The process of log files took longer time because of this. The current version only processing the changes, in the case of delegated logs, SenseLog stands at the end. This way therer...
Read more
Which are the most scanned ports?
Eniko Toth

Which are the most scanned ports?

What is a port? Ever since computers are able to run more programs at the same time and can connect to modern networks, ports became important. 3 things are needed for the communication between two machines: IP address of the host Port number Type of protocol (e.g. TCP, UDP) A port number is a 16-bit number between 0 and 65535. There are some specific ports which identify some exact services, e.g. port 80 is used for HTTP communication. Types of ports: Well Known Ports: 0 - 1023 Registered Ports: 1024 - 49151 Dynamic/Private : 49152 - 65535 W...
Read more
SQL injection examined 2/2 –Testing your apps against vulnerabilities
Ferenc Barta

SQL injection examined 2/2 –Testing your apps against vulnerabilities

In the previous part of the article, we had looked at some incidents to better understand how attackers try to find SQL injection vulnerabilities. Instead of looking for other incidents, I’ve decided to write a short introduction about testing your own application using publicly available automatic tools. Constantly searching for vulnerabilities on your web applications and services is vital. Most of the time, such systems are exposed to the Internet and it is certain that sooner or later, someone will try to exploit their vulnerabilities. Environment We’ll use a popular too...
Read more
The most common CMS attack types
Daniel Mecsei

The most common CMS attack types

Nowadays, the Internet plays a huge part in our lives. It gets bigger and bigger every day, now it has more than one billion websites. Most of these sites are built with CMS which stands for Content Management System. It is a tool that provides an easy-to-use method for users without any programming skills in creating websites. The most common CMSs are written in PHP because most shared-hosting providers only provide this way to share/operate your website with the community. According to the statistics, WordPress has the largest market share with 52%, followed by Joomla with only 6%. The...
Read more
What should you know about honeypots and proactive threat detection?
Nikolett Hegedüs

What should you know about honeypots and proactive threat detection?

Honeypots are a form of proactive threat detections. Proactive threat detection is the next step in improving an organization’s security posture. It has many significant advantages e.g. it provides information about the different kinds of threats attacking the organization and the possible vulnerabilities. It works like a trap A honeypot is a monitored resource that serves as a trap or a decoy against an attack or a threat. It is a security tool that helps to prevent, detect and to gather information about IT security issues. It prevents the threat from compromising its intende...
Read more
Ransomware: what is it and why is it dangerous?
Nikolett Hegedüs

Ransomware: what is it and why is it dangerous?

Nikolett Hegedüs
Let’s start with the definition. Ransomware is a kind of malware that installs itself onto an unprotected computer, encrypts some files, and asks for a certain amount of money for decryption or to not publish certain sensitive information online. It is called a denial-of-access attack and it can be very frustrating because you know that the files are there but you can’t access them.   There are two types of ransomware attacks: Simple ransomware or lockscreen, where the system is locked. The attack is more serious if the files are really encrypted. It is called a file co...
Read more
SQL Injection examined 1/2
Ferenc Barta

SQL Injection examined 1/2

Relational database, SQL, SELECT SQL is a language designed for the manipulation of relational databases and for the retrieval of information from that database. A relation most commonly looks like a chart, which can be, for example, an article.   ARTICLES ID Title Text 1 DoS abc1  2    DDoS abc2...
Read more

Our port Honeypot module is out of Beta

Nikoletta Szabo
We are happy to announce that our developers officially released the port honeypot module. The port honeypot is a perfect way to fight against zero-day attacks and many of our customers are satisfied with it because the module catches and entraps hackers who attempt to break into or scan their servers making them aware of the incoming malicious traffic. The module sets up 100 honeypots chosen randomly from the 1000 most commonly used ports and is able to detect malicious port scanning conducted by hackers.For example, it gets installed on a port where usually there should not be in...
Read more

Censys vs. BitNinja

Mariann Csorba
What is Censys? It is a search engine which allows people to search for the details on the devices and networks that compose the Internet. It uses the database of Zmap and ZGrab network scanners. Day by day, it analyses more than 4 billion IP addresses, which can be examined with the help of Censys.io. The scanning is done once a day. Censys, the Unescapable It is almost impossible to hide from it, as it finds anything, anywhere that is connected to the Internet. Along with the servers storing and serving the content of webpages, webcameras, CCTV cameras, industrial networks, prin...
Read more