Aggregator
Cyber security for major events
What I learned from the ‘Microsoft global IT outage’
Meet the Shared Responsibility Model with New CIS Resources
Protecting SMS messages used in critical business processes
娃哈哈内斗终结:宗馥莉留任,上市提上日程,首先要解决国有股和职工股
The Security Principle Every Attacker Needs to Follow
Online gaming for families and individuals
Countdown to Paris 2024 Olympics: France leads in web interest
Countdown to Paris 2024 Olympics: France leads in web interest
Introduction to identity and access management
通用嵌套越狱提示可轻松骗过大型语言模型
新发现的应用程序提示
Using TLS to protect data
Experts Uncover Chinese Cybercrime Network Behind Gambling and Human Trafficking
网安周报 | 冯登国院士:要建立富有弹性的网络安全体系
《网络空间安全科学学报》成功举办 NCCA 2024“大模型的安全风险与应对”学术研讨会
通过“微软蓝屏事件”再一次反观工控安全技术路线选择
22nd July – Threat Intelligence Report
For the latest discoveries in cyber research for the week of 22nd July, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES American Bassett Furniture Industries has been a victim of a ransomware attack that resulted in the encryption of data files and the shutdown of its manufacturing facilities. The attack has significantly disrupted […]
The post 22nd July – Threat Intelligence Report appeared first on Check Point Research.
How To Do a Security Audit of Pimcore Enterprise Platform
Our new research paper gives you a roadmap for using Pimcore's features while preserving security.
Enterprises are using Pimcore, an open-source enterprise PHP solution, to streamline data management and experience management across devices. Our new research paper "Auditing Pimcore Enterprise Platform" examines the most common issues with Pimcore and details methods that can be used to find new vulnerabilities in the software.
Pimcore integrates various functionalities, including product information management (PIM), master data management (MDM), digital asset management (DAM), customer data platform (CDP), and digital experience management (DXP). Built on the PHP Symfony framework, Pimcore can be deployed on-premises or in the cloud as a platform-as-a-service (PaaS) component.
Our research paper provides an overview of the core functionalities and structure of Pimcore, highlighting how its modular design promotes code reusability and maintainability. It also delves into common misconfigurations and vulnerabilities, such as cross-site scripting (XSS) and SQL injections (SQLi), and offers practical recommendations on how to safeguard your Pimcore instance.
By reading this research, you will:
Understand core functionalities: Gain insights into the architecture of Pimcore and how it leverages the Symfony framework to provide a scalable and flexible solution.
Identify common vulnerabilities: Learn about the typical security issues found in Pimcore installations, including misconfigurations that can lead to significant security risks.
Learn best practices: Get expert advice on maintaining security, performing regular vulnerability scans, and ensuring your Pimcore stack is always up-to-date.
Our paper also discusses the impact of enabling debug mode, the risks associated with exposed administration panels, and the importance of a stringent Content Security Policy (CSP). We provide detailed methodologies for identifying and mitigating the risks and ensuring that your use of Pimcore remains secure.
Whether you are a developer, security professional, or IT manager, this paper will equip you with the knowledge to optimize and protect your Pimcore deployments.
Download the paper now to understand the full potential of Pimcore while maintaining your security posture.