Discovering new vulnerabilities

“Hunting vulnerabilities is our bread and butter.” Gianluca Palma, Cyber Security Specialist, was awarded for his contribution in 2019 by Microsoft and this year by WSO2.

Our interview with Gianluca Palma, Cyber Security Specialist, Cybertech, Engineering Group

In the complex Cyber world, what is the value of discovering a new vulnerability? What are the benefits to the end users and the entire cyber community? 

Our goal is to protect customer data by limiting the number of potential entry points used by hackers, and software errors are one of those. Being familiar with the unknown vulnerabilities of a popular product is the hacker’s main advantage, a powerful attack tool against all end-users, a cyber weapon that remains powerful and valid until the vulnerability is finally discovered.

The benefits for the community are endless, especially when we discover vulnerabilities in open source products. In that case, developers around the world can take advantage of the suggested security fixes and try to prevent this type of attack on other products.

How did you discover the WSO2 vulnerability and what issues does it solve?

During one of the many Penetration Tests that are commissioned to the Cybertech Team, I happened to come across the WSO2 platform, which was recently nominated by Forrester among the 15 most important leading companies in “API Management” solutions.

The vulnerability in question allows a potential attacker to permanently redirect the browser to a malicious website, make changes to the WSO2 user interface, retrieve user information from the browser or otherwise damage the portal (defacement).

What does it mean for a cybersecurity professional to discover a new vulnerability?

For an Ethical Hacker, hunting for vulnerabilities is “our bread and butter”. But it is always a great satisfaction when the commitment and professionalism of one’s work are recognized. Discovering a vulnerability on an Open Source product gratifies me even more because it means that my TEAM has reached the objectives before “others” did. Let’s say that our job is a “mix” of passion, good technical skills, concentration, imagination and sometimes even a bit of luck.

How important is the collaboration between Ethical Hackers for the evolution of Cybersecurity solutions and the fight against cybercrime?

Sharing is an intrinsic feature of the hacker culture. I believe that sharing experiences, discoveries and achievements can only improve the technical level among professionals and consequently contribute to the fight against cyber-crime. This approach, in fact, allows other colleagues to extend, for example, the functionality of an exploit or to improve (refine) an attack technique.