Security Advisory 2104-03
Missing server-side password policy. Overview: Advisory ID: TRSA-2104-03; Advisory version: 1.0; Advisory status: Public; Advisory URL: https://trovent.io/security-advisory-2104-03; Affected product: HealthForYou & Sanitas […]
Comparing Detection Results with Microsoft 365 Defender
Our objective: comparing detection results from our EAGLE system with Microsoft 365 Defender. Since the environments we typically work in are hybrid IT environments, consisting of both cloud and on-premises infrastructure, we wanted to make sure to include on-premises Windows machines in our testing process.
Security Advisory 2105-01
Unencrypted cleartext transmission of sensitive information. Overview: Advisory ID: TRSA-2105-01; Advisory version: 1.0; Advisory status: Public; Advisory URL: https://trovent.io/security-advisory-2105-01; Affected product: VeryFitPro […]
Security Advisory 2104-02
Account takeover with only email address possible. Overview: Advisory ID: TRSA-2104-02; Advisory version: 1.0; Advisory status: Public; Advisory URL: https://trovent.io/security-advisory-2104-02; Affected product: […]
Security Advisory 2104-01
User enumeration through API. Overview: Advisory ID: TRSA-2104-01; Advisory version: 1.0; Advisory status: Public; Advisory URL: https://trovent.io/security-advisory-2104-01; Affected product: HealthForYou & Sanitas […]
Security Advisory 2103-01
Authenticated SQL injection in ERPNext 13.0.0/12.18.0. Overview: Advisory ID: TRSA-2103-01; Advisory version: 1.0; Advisory status: Public; Advisory URL: https://trovent.io/security-advisory-2103-01; Affected product: ERPNext; Tested […]
Security Advisory 2103-02
Multiple XSS vulnerabilities in ERPNext 13.0.0/12.18.0. Overview: Advisory ID: TRSA-2103-02; Advisory version: 1.0; Advisory status: Public; Advisory URL: https://trovent.io/security-advisory-2103-02; Affected product: ERPNext; Tested […]
Vulnerability management in critical infrastructure
Vulnerability management in critical infrastructure - practical experience from the tank storage industry. To manage risks, you need to know your attack surface in the IT and OT infrastructure. Vulnerability management in critical infrastructure is therefore essential.
Security Advisory 2010-01
Email address enumeration vulnerability in the password reset function of Rocket.Chat. Overview: Advisory ID: TRSA-2010-01; Advisory version: 1.2; Advisory status: Public; Advisory […]
Tired of Slow, Manual Logstash Syntax Checking?
To accelerate the process of writing log parsers in Logstash, we set out to develop our own Logstash syntax checking tool. This blog article outlines how the syntax checker works and explains how it does not interfere with Logstash’s real-time pipelining capability.
Reducing the attack surface through vulnerability management
If we have to assume that the human vulnerability will be exploited sooner or later, the underlying IT infrastructure must be hardened accordingly and the attack surface consistently reduced.
Security Advisory 2004-01
SQL Injection in Login API Endpoint. Overview: Advisory ID: TRSA-2004-01; Advisory version: 1.0; Advisory status: Public; Advisory URL: https://trovent.io/security-advisory-2004-01; Affected product: Web application […]