Web Application Security: Common Vulnerabilities and How to Prevent Them
Web applications are at the core of modern business operations—from e-commerce and client portals to internal tools and SaaS platforms. But as reliance on web apps grows, so does the attack surface. According to the OWASP Foundation, most breaches today...
Emerging Cyber Threats: Preparing Your Organization for the Future
Cybersecurity has always been a moving target. As organizations continue to invest in digital transformation and rely more heavily on technology, cybercriminals evolve their methods just as fast—sometimes faster. The threats we saw just a few years ago have grown...
Understanding Attack Surface Management: Protecting Your Digital Assets
In today’s digital-first landscape, cyber security threats are evolving faster than ever. With growing reliance on cloud infrastructure, mobile apps, remote workforces, and third-party tools, your organization’s attack surface is expanding—sometimes without you even realizing it. That’s where Attack Surface...
TSA’s Proposed Cybersecurity Rule for the Transportation Sector – The Need for Penetration Testing
In an era where cyber threats are increasingly sophisticated, the Transportation Security Administration (TSA) has proposed a new set of cybersecurity requirements targeting the pipeline, rail, and over-the-road bus (OTRB) sectors. This Notice of Proposed Rulemaking (NPRM) aims to strengthen...
Web and Mobile Application Fuzzing Best Practices
If you’re reading this, you’ve probably used tools like Ffuf or Gobuster to fuzz an application to expand the attack surface and potentially find sensitive files and directories. Unfortunately, we here at Brackish find that a lot of testers are...
What are Default Credentials? A Penetration Testers Best Friend!
While organizations focus on patching vulnerabilities, updating software, and training staff, one of the most overlooked yet dangerous entry points remains default credentials. These seemingly harmless username and password combinations are a hacker’s golden ticket into your network or destruction...
Part 1: Understanding the Basics of Penetration Testing
To stay one step ahead of cybercriminals, proactive measures are necessary. One of the most effective tools in your cybersecurity toolkit is a penetration test (pen test). This blog post is the first in a series designed to guide you through...
Logging – Mobile Application Penetration Testing #6
Welcome back to the long awaited next entry in Brackish Security’s Mobile Application Penetration Testing series. When conducting mobile application penetration testing, inspecting logs on iOS and Android is a crucial step in understanding how an app behaves, particularly in how it handles sensitive...
Physical Penetration Testing: Why Every Company Should Prioritize It
In an era dominated by digital transformation, businesses are more focused than ever on securing their online assets. Cybersecurity measures such as firewalls, antivirus software, and encryption protocols are essential, but one often overlooked aspect of comprehensive security is physical...
DIY Penetration Testing
With cyber threats becoming increasingly sophisticated, companies, regardless of their size, need to ensure their networks and systems are secure. However, many small to medium-sized businesses (SMBs) operate on limited budgets, making it challenging to allocate significant resources toward comprehensive...