Evernote is a memo platform that stores users’ photographs, business cards, notes and ideas and synchronises them across all of their devices.
Both Avram Marius Gabriel (@securityshell) and Ryan Dewhurst (@ethicalhack3r) have been named in Evernote’s Security Hall of Fame.
Avram Marius Gabriel has been publicly thanked by a number of prominent organisations for his responsible disclosure of new web security issues. Evernote is the seventeenth company to name the RandomStorm security engineer in its Security Hall of Fame. His voluntary research, discovery and reporting of security bugs has also been acknowledged by Google, Microsoft, Adobe, Facebook, eBay, Twitter, Dropbox, Etsy, iFixit, Yandex, Mozilla, Baracuda, Keneva, AT &T, Nokia Siemens and Paypal.
Ryan Dewhurst is best known as the developer of the Damned Vulnerable Web App (DVWA), an open source training tool that has been downloaded more than 150,000 times and is used by security engineers all around the world to help them to learn about common vulnerabilities that compromise the security of web applications. He also helped to develop the freely downloadable WPScan tool, which allows webmasters to scan their WordPress blogs for plug-ins that could be exploited by hackers to inject SQL code into web pages or conduct a cross site scripting (XSS) attack. Within weeks of its launch WPScan was added to the international BackTrack catalogue of professional security testing tools. Ryan was named Security Rising Star at this year ’s SC Awards Europe, in recognition of his work to promote awareness of web application security and share technical expertise to make sites safer for users.
Andrew Mason, co-founder and Technical Director of RandomStorm, said: “With so much personal information stored in Evernote, it is extremely important that the platform avoids security vulnerabilities that could enable identity thieves to access that information . As well as the distress caused to consumers, we have seen large scale attacks on enterprise information systems that began with spear phishing attacks on key employees, using snippets of personal information to make the initial call or email appear more convincing. We are proud to see two of RandomStorm’s web application security specialists being acknowledged for their efforts to identify and alert companies to bugs that could be exploited to expose customers ’ details. The work of white hats like them helps to make web applications safer for us all. ”
RandomStorm provides vulnerability scanning and intrusion detection services to help companies in the public sector, retail, hospitality, financial and utility industries to improve their security posture and comply with industry guidelines and data protection regulations. The company is a CESG CHECK security consultancy and certified as both an Approved Scanning Vendor and Qualified Security Assessor by the Payment Card Industry Security Standards Council.