Vulnerability
Research

Bonsai Security Consultants, may find security vulnerabilities in many types of software during the course of their work. And as a responsible Internet citizen's we will:

1. Make a good faith effort to work cooperatively and confidentially with any external software vendors to develop patches, fixes, or mitigation strategies for any vulnerability we discover.
2. Coordinate with the vendor to publicly disclose the vulnerability and its associated patch in a responsible manner.
3. Contribute these findings to the Internet community by publishing vulnerability advisories through Information Security Mailing Lists.

Bonsai is committed to responsible disclosure. We believe that it is the best way we can serve our customers and do our part to protect the Internet community. This is a list of our publicly reported vulnerabilities:

1. 2009-07-15: SQL Injection in CS-Cart
2. 2009-10-13: Multiple Cross Site Scriptings in Achievo
3. 2009-10-13: SQL Injection in Achievo

• Quick Links

  • w3af
  • untidy XML fuzzer
  • w3af Training
  • Education
  • Services

• News and Updates

  • Second w3af training @ New York

  • Web Application Security training @ FRHACK

  • Web Application Security Training in Buenos Aires