Secuna, the Philippines’ first and only cybersecurity testing platform, has reported that it has detected and resolved 494 vulnerabilities across 21 private local firms in 2021. This accounts for 45.57% of the total number of cybersecurity flaws fixed by the company since its inception.
According to Secuna’s report, 58.89% of the vulnerabilities it identified came from the enterprise technology sector, of which 30 were classified as critical, 56 as high, and 152 as medium-risk severity. Financial services companies saw the second-highest portion of medium-risk vulnerabilities, covering 20% of the total cyber weaknesses discovered. Out of the vulnerabilities disclosed, 15.78% of medium, high, or critical-risk vulnerabilities affect the health sector, while 5.33% of high and medium-risk vulnerabilities affect other organizations.
The top three “critical” vulnerabilities unveiled by Secuna’s certified cybersecurity testers are remote code execution flaws, SQL injection flaws, and exposed .git repositories. A remote code execution (RCE) vulnerability can be exploited to remotely control the target server, retrieve the whole source code, access the database, and even delete the server’s entire filesystem.
Secuna explained that the SQL injection vulnerabilities found by its penetration testers can be exploited by malicious users to obtain full access to the database and cause massive data breaches, depending on their privilege. Meanwhile, exposed .git repositories allow hackers to retrieve the source code of the target application along with sensitive keys, passphrases, and tokens, among others.
The platform’s vulnerability assessment and penetration testing services have also discovered security weaknesses including zero-day security flaws, cross-site scripting (XSS) gaps, insecure direct object reference (IDOR) vulnerabilities, and missing security and privacy best practices, which, if neglected, could lead to terrifying cyber consequences.
“Secuna encourages companies to review their assets for these security gaps and take measures to eliminate known vulnerabilities,” said CEO and Co-Founder AJ Dumanhug.
Meanwhile, Secuna’s bug bounty payouts increased to $24,045 for valid bug reports from its thousands of ethical hackers. Secuna’s bug bounty program (BBP) service allows its clients compliant with the Bangko Sentral ng Pilipinas and the National Privacy Commission to collaborate with vetted security researchers around the world to identify potential security threats in their applications.
According to Dumanhug, for every valid bug submission from Secuna researchers, the program owners reward them depending on the severity of the vulnerability discovered.
“Cybercriminals are already testing your app to find potential loopholes that will allow them to compromise your application or server. Having no BBP will leave you clueless about potential vulnerabilities in your application. BBP solves this problem by allowing good hackers to report those potential vulnerabilities and allowing you to resolve this before cybercriminals exploit those vulnerabilities for their personal gain. BBP also helps clients to maintain compliance by regularly testing their applications,” said Dumanhug.
Without a proper policy in place, security researchers might be less inclined to report a vulnerability, or cyber criminals might join the hunt.
Secuna requires a KYC (know your customer) check for hackers before they can hunt for vulnerabilities. The company currently offers a free subscription, and adds only a 10% commission on top of every rewarded bug report.
Secuna is the first and only crowdsourced cybersecurity testing platform in the Philippines that has a community of hundreds of the world’s most advanced and highly vetted cybersecurity professionals and ethical hackers. The company offers a Managed Service that helps in setting up an ISO-compliant Security Vulnerability Disclosure Program and Bug Bounty Program to receive and act on vulnerabilities discovered by cybersecurity professionals. Secuna also offers a Compliance Service, a comprehensive ISO-compliant Vulnerability Assessment and Penetration Testing (VAPT). This service is tailor-fit for apps and websites that have never been tested for cybersecurity flaws, or for businesses that require Third-Party Assessment reports from government agencies.
Some of Secuna’s notable clients are Dashlabs, QuadX, UBx, Kumu, Paymongo, and Palawan Express.
The company has been striving to be at the forefront of cybersecurity in the Philippines. Since its inception in 2017, it has been committed to helping companies, organizations, and even the government secure their digital assets.
SECUNA is the combination of SEC (short for “security”) and UNA (Filipino word for “first”).
Karina is not your ordinary supermom. She juggles her time bonding with her three amazing kids while being in the loop on the latest happenings in the tech and lifestyle scene. Follow me on Instagram (@digitalfilipina) and regularly visit www.digitalfilipina.com for a daily dose of updates not just for moms but for everyone!