Obrela Security Industries, a security analytics and cyber risk management services, has announced its sponsorship of Commix, an open-source pen-testing tool, to address command injection vulnerabilities. Obrela aims to address the emerging demand for end-to-end security services by offering an ‘umbrella’ of security solutions.
George Patsis, CEO, at Obrela Security Industries said that this sponsorship would would, “Provide penetration testers and information security researchers with everything they need in order to perform a successful command injection attack”.
Command injection attacks are one of the most common types of attacks on vulnerable applications. The Open Web Application Security Project Foundation found that injection attacks were the number 1 most common type of globally recognized web application security risks.
The method exploits vulnerable systems with insufficient input validation by forcing the application to execute arbitrary operating system (OS) commands and compromising the application and its data. A successful command injection attack can allow for the complete takeover of applications.
A prime example of a real, infamous command injection vulnerability that clearly depicts the threats of this type of code injection was the Shellshock bug which executed tens of thousands of attacks on vulnerable systems.
Commix, as a find and test tool, automates the process of locating and exploiting command injection vulnerabilities. The end goal allows end-users an automated way to find and address their application’s own weaknesses.
George Patsis, CEO at Obrela Security Industries: “In being able to perform such attacks, pen-testers give the InfoSec community the opportunity to adequately identify injection vulnerabilities and perform the necessary remediations to secure their applications”.
Commix is an open-source project whose base code is open and available to the wider InfoSec community. This not only enables trust in the product but allows the wider community on GitHub to expand its applications. As an open-source and modular command injection exploiter Commix allows end-users to adapt the tool to their specific applications needs and is compatible with other tools and frameworks.