Secuna warns that enterprise technology and financial services are most vulnerable to cyberattacks – Manila Bulletin
The first and only cybersecurity testing platform in the Philippines, Secuna reported the detection of 494 vulnerabilities in 21 private local companies last year, representing 45.57% of the total number of vulnerabilities patched by the company since the start of its operations.
The company noted that 58.89% of the identified vulnerabilities came from the enterprise technology sector in which 30 were classified as critical, 56 were high and 152 were medium severity. Financial services companies saw the second-largest portion of medium-risk vulnerabilities covering 20% of total discovered cyberweaknesses. Of the disclosed vulnerabilities, 15.78% of medium, high, or critical risk vulnerabilities affect the healthcare sector, while 5.33% of high and medium risk vulnerabilities affect other organizations.
Among the top three critical vulnerabilities exposed by Secuna’s certified cybersecurity testers are remote code execution (RCE) flaws, SQL injection flaws, and exposed Git repositories. The RCE vulnerability can be exploited to remotely control the target server, retrieve all source code, access the database, and even delete the entire server file system.
The Philippine cybersecurity firm explained that SQL injection vulnerabilities found by its penetration testers can be exploited by malicious users to gain full database access and cause massive data breaches, depending on their privilege. Meanwhile, the exposed Git repositories allow hackers to grab the target application’s source code along with sensitive keys, passphrases, and tokens, among other things.
Their platform’s vulnerability assessment and penetration testing services also uncovered security vulnerabilities, including zero-day security flaws, cross-site scripting (XSS) flaws, insecure direct object reference (IDOR) vulnerabilities, and missing security and privacy best practices, which if neglected could lead to terrifying cyber consequences among the many cybersecurity issues that haunt Philippine businesses and organizations.
“Secuna encourages companies to review their assets for these security vulnerabilities and take steps to eliminate known vulnerabilities. Cybercriminals are already testing your app for potential flaws that will allow them to compromise your app or server. The absence of BBP will leave you clueless about potential vulnerabilities in your application. BBP solves this problem by allowing the right hackers to report these potential vulnerabilities and allows you to fix them before cybercriminals exploit these vulnerabilities for their personal gain. BBP also helps its customers maintain compliance by regularly testing their applications,” according to AJ Dumanhug, CEO and co-founder of Secuna.
As for the company’s bug bounty payments, an increase to US$24,045 for valid bug reports from its thousands of ethical hackers was recorded. Secuna’s Bug Bounty Program (BBP) service enables its Bangko Sentral ng Pilipinas (BSP) and National Privacy Commission (NPC) compliant customers to collaborate with vetted security researchers around the world to identify potential security threats in their applications.
According to Dumanhug, for every valid bug submission by Secuna researchers, the program owners reward them based on the severity of the vulnerability discovered. Without an appropriate policy in place, security researchers might be less inclined to report a vulnerability, or cybercriminals might join the hunt.
Secuna requires KYC (Know Your Customer) verification for hackers wishing to join their BBP before they can hunt for vulnerabilities. The company currently offers a free subscription and only adds a 10% commission on top of each rewarded bug report.