Red Teaming vs. Penetration Testing: Understanding the Differences
In the ever-evolving landscape of cybersecurity threats, organizations are under constant pressure to stay one step ahead of attackers. This has led to a surge in demand for offensive security services—but not all offensive assessments are created equal. Two of...
Network Penetration Testing: Strengthening Your Organization’s Defenses
In today’s high-stakes digital landscape, your network is constantly under threat. Cybercriminals aren’t waiting for an invitation—they’re scanning, probing, and exploiting any weakness they can find. If you’re not actively testing your defenses, you’re leaving the door wide open. That’s...
Web Application Security: Common Vulnerabilities and How to Prevent Them
Web applications are at the core of modern business operations—from e-commerce and client portals to internal tools and SaaS platforms. But as reliance on web apps grows, so does the attack surface. According to the OWASP Foundation, most breaches today...
Emerging Cyber Threats: Preparing Your Organization for the Future
Cybersecurity has always been a moving target. As organizations continue to invest in digital transformation and rely more heavily on technology, cybercriminals evolve their methods just as fast—sometimes faster. The threats we saw just a few years ago have grown...
Understanding Attack Surface Management: Protecting Your Digital Assets
In today’s digital-first landscape, cyber security threats are evolving faster than ever. With growing reliance on cloud infrastructure, mobile apps, remote workforces, and third-party tools, your organization’s attack surface is expanding—sometimes without you even realizing it. That’s where Attack Surface...
TSA’s Proposed Cybersecurity Rule for the Transportation Sector – The Need for Penetration Testing
In an era where cyber threats are increasingly sophisticated, the Transportation Security Administration (TSA) has proposed a new set of cybersecurity requirements targeting the pipeline, rail, and over-the-road bus (OTRB) sectors. This Notice of Proposed Rulemaking (NPRM) aims to strengthen...
Web and Mobile Application Fuzzing Best Practices
If you’re reading this, you’ve probably used tools like Ffuf or Gobuster to fuzz an application to expand the attack surface and potentially find sensitive files and directories. Unfortunately, we here at Brackish find that a lot of testers are...
What are Default Credentials? A Penetration Tester's Best Friend!
While organizations focus on patching vulnerabilities, updating software, and training staff, one of the most overlooked yet dangerous entry points remains default credentials. These seemingly harmless username and password combinations are a hacker’s golden ticket into your network or destruction...
Part 1: Understanding the Basics of Penetration Testing
To stay one step ahead of cybercriminals, proactive measures are necessary. One of the most effective tools in your cybersecurity toolkit is a penetration test (pen test). This blog post is the first in a series designed to guide you through...
Logging – Mobile Application Penetration Testing #6
Welcome back to the long-awaited next entry in Brackish Security’s Mobile Application Penetration Testing series. When conducting mobile application penetration testing, inspecting logs on iOS and Android is a crucial step in understanding how an app behaves, particularly in how it handles sensitive...



