Part 1: Understanding the Basics of Penetration Testing

To stay one step ahead of cybercriminals, proactive measures are necessary. One of the most effective tools in your cybersecurity toolkit is a penetration test (pen test). This blog post is the first in a series designed to guide you through the penetration testing process from start to finish. We’ll start by covering the basics—what

Logging – Mobile Application Penetration Testing #6

Welcome back to the long-awaited next entry in Brackish Security’s Mobile Application Penetration Testing series. When conducting mobile application penetration testing, inspecting logs on iOS and Android is a crucial step in understanding how an app behaves, particularly in how it handles sensitive data, errors, and debugging information. Log files can provide insight

Physical Penetration Testing: Why Every Company Should Prioritize It

In an era dominated by digital transformation, businesses are more focused than ever on securing their online assets. Cybersecurity measures such as firewalls, antivirus software, and encryption protocols are essential, but one often overlooked aspect of comprehensive security is physical penetration testing. What Is Physical Penetration Testing? Physical penetration testing involves simulating a real-world attack

DIY Penetration Testing

With cyber threats becoming increasingly sophisticated, companies, regardless of their size, need to ensure their networks and systems are secure. However, many small to medium-sized businesses (SMBs) operate on limited budgets, making it challenging to allocate significant resources toward comprehensive security measures. One solution for these companies is to adopt a DIY approach to penetration

JavaScript Source Map Vulnerabilities

What is a JavaScript source map file? Source map files map the transformed, minified, or compiled code back to the original source code, and they can often be found exposed publicly in web applications. This is particularly useful for debugging because it allows developers to view and step through the original source code even when

Red Teaming vs. Penetration Testing

In the realm of cybersecurity, both red teaming (also known as adversarial simulation) and penetration testing play crucial roles in identifying vulnerabilities within an organization’s digital infrastructure. While these terms are often used interchangeably, they represent distinct methodologies with unique objectives. Understanding the differences between red teaming and penetration testing is essential for organizations aiming

Penetration Testing Findings: Exposed Non-Production Environments

Non-production environments refer to any setup that is used for purposes other than live, operational applications. This includes development, testing, staging, and quality assurance (QA) environments. They are essential for preparing software for production by allowing thorough testing and debugging. A lot of us security-minded folks are aware developers stand up non-prod environments and

IoT Penetration Testing Part 1

IoT Penetration Testing is one of our favorite types of testing here at Brackish Security. This will be the first of a multi-part blog series on embedded device security (the “Internet of Things” or IoT). Our goal is to show how the Brackish security team approaches an IoT pentest, including detailed methodologies and examples. IoT