VMware Workspace ONE Access freemarker SSTI (CVE-2022-22954) Detection with Sn1per Professional

Information regarding a critical 0-day vulnerability affecting the VMware Workspace ONE Access and Identity Manager was disclosed and designated CVE-2022-22954 which allows an un-authenticated attacker to execute arbitrary code on vulnerable servers. On April 14th, CISA & US-Cert added CVE-2022-22954 to their catalog of known exploited vulnerabilities after a number of Proof-of-Concept (PoC) exploits were published online and exploit activity was actively observed. Given the impact and severity of the vulnerability, Sn1perSecurity has released an out-of-band update to help detect vulnerable servers in your environment using Sn1per Professional.

Severity: CRITICAL | Exploit Available: Yes | Exploitability: Easy | Remotely Exploitable: Yes

(more…)

April 14, 2022 Attack Surface Management, Bug Bounties, CVE's, News, Penetration Testing, Threat Intelligence No comments yet
Sn1perSecurity-Attack-Surface-Management-header2

Sn1per Professional v10.0 Released

After months of hard work and development, we are pleased to announce the release of Sn1per Professional v10.0. This is a major release with many fixes, improvements and new features to help customers get the most value using Sn1per. Starting with v10.0, customers will have have 3 new pricing plans to choose from which will more closely align with their needs while remaining competitive in the market. In this post, we will go into detail for all of these changes and more.

(more…)

February 1, 2022 News No comments yet
Sn1perProfessional-vs-Community

Sn1per Community vs. Professional – What’s The Difference?

We recently received some questions regarding differences between Sn1per “Community” and “Professional“, so we thought we would cover this in a detailed post. Whether you’re an independent security researcher or a multi-billion dollar company looking to purchase Sn1per Professional, we hope this blog post will guide you to make the best decision based on your needs and budget.  There are many advantages of using our “Professional” version over our “Community” edition, but this blog post will cover the most significant items.

(more…)

December 11, 2021 News No comments yet
Sn1per Professional Nessus Add-on

Sn1per Professional Nessus Add-on Update!

In case you missed it, we recently added support for Nessus v10.x in Sn1per Professional (version 1.0 of our Nessus Add-on only supported Nessus v8.8.x integration). Our new Nessus v2.0 Add-on lets customers scan for the latest vulnerabilities using Nessus version 10.x and download detailed vulnerability reports in HTML and CSV format with Sn1per Professional. We also added the ability to select different Nessus scan profiles when configuring the scans via Sn1per to provide greater customization. Be sure to check out the full blog post for more details.

(more…)

November 21, 2021 News No comments yet
Automate Dynamic Web Application Scans (DAST) Using Sn1per Professional

Automate Dynamic Application Security Testing (DAST) Using Sn1per

In this blog post, I will outline the steps needed in order to automate Dynamic Application Security Testing (DAST) using Sn1per Professional. For those unfamiliar with DAST, it is the process of analyzing dynamic web content in order to find vulnerabilities. There are several tools on the market to accomplish this, but we’ll focus on the top tools used by Sn1per Professional in this blog post.

(more…)

October 11, 2021 Attack Surface Management, Bug Bounties, Dynamic Application Security Testing, Penetration Testing, Vulnerability Scanning No comments yet