OWASP Top Ten – Server Side Request Forgery (SSRF)

What is an SSRF?

Server Side Request Forgery (SSRF) is a security vulnerability that occurs when an attacker can induce a vulnerable server to make HTTP requests to internal or external systems, effectively using the server as a proxy. This can expose sensitive data and internal resources, or potentially allow the attacker to perform

IoT Testing

Here at Brackish, we’ve recently received inquiries from several customers regarding testing of their IoT devices. We took a look at our current roster of testers, and while we do have some experience testing IoT devices, it wasn’t something we felt comfortable charging our clients for at this point. With that said, one of

Insecure Deserialization

Introduction

Insecure deserialization is a cybersecurity vulnerability that affects various programming languages, including C#, Java, PHP, Python, and others. This article explores the dangers of insecure deserialization, how it affects different languages, and how developers can mitigate the risks. Additionally, we will discuss the roles of penetration testing and source code reviews in helping companies

Phishing, Domain Names, and TLDs

As a small or medium-sized business owner, you may be aware of the threat of phishing attacks. Phishing is a common technique used by cybercriminals to trick people into giving away sensitive information such as usernames, passwords, or credit card numbers. One way to protect your business against these attacks is to buy common domain

OWASP Top Ten – Cryptographic Failures

What is it?

Cryptographic failures, a prominent entry in the Open Web Application Security Project (OWASP) Top Ten list, are a significant concern in the digital age. With an increasing reliance on secure communication and data protection, the importance of robust cryptographic mechanisms cannot be overstated. Penetration testing, a proactive approach to discover security vulnerabilities,

OWASP Top Ten – Identification and Authentication Failures

Identification and Authentication Failures

Online security has become a crucial aspect of modern life. Today, every business is a tech business, and it becomes increasingly important to ensure that sensitive data and information are protected from unauthorized access. One of the most critical aspects of online security is identification and authentication, and it is also

Local Administrator Accounts

Local administrator accounts are commonly used in Active Directory/internal networks to manage individual computers. These accounts have full control over the local computer, which can be a security risk if used carelessly. The use of local administrator accounts should be minimized to reduce the potential security vulnerabilities they pose to the network. One of the

Phishing – The Most Important Thing?

It seems like every day we see in the news that another organization was compromised. If we dig deep into the root cause of these breaches, we find a very common theme – phishing. Phishing is the act of sending fraudulent emails or messages with the intention of tricking the recipient into revealing sensitive information