For starters, I run a small web development/design company. I am by no means a security "expert", but I am aware of best practices. Recently I was doing some research on some local companies in my town and I came across what looks like a fairly successful security company that makes encryption software. I liked their website and was interested in what it was running, so I did some investigation into the source file. What I noticed was that they were running WordPress. They made no attempt to hide what plugins they were running, and each plugin had a version number tied to it (most if not all are outdated). As I was reading into the source code more, I also saw that they were listing the version number of their WordPress, which is about 12 versions outdated. With just their version number I was able to find multiple XSS vulnerabilities with Google. Upon further inspection and using multiple other tools, I was able to find the WordPress admin login page and the usernames for all the current users. Basically they are giving all the necessary clues anyone would need to compromise their website.
My question is, how should I go about making them aware of this? I am a small company and they are a large one. I know that they also have an in-house web development team.