Category: attack surface management

  • Blog
  • Category: attack surface management

Is Caido The New Burp?

There has been some buzz around Caido recently – a contender to the Burp crown. Brackish Security testers recently sat down and tried Caido out on some real pentests. Our findings follow. Keep in mind that Caido is still fairly new, while Burp has been in development and use for a very long time. Additionally,

The Shield of Cyberspace: Understanding Web Application Firewalls

Introduction In our digital age, data security has grown into an essential necessity, not just a luxury. As companies depend heavily on web applications to offer their services, protecting these platforms against cyber threats becomes crucial. Here enters the Web Application Firewall (WAF) – a potent tool designed to safeguard web applications from a multitude

Penetration Testing: White Box, Black Box, and Grey Box Testing

In this post, we’ll dive into the definitions and differences between white box, black box, and grey box testing so that you can better understand these essential techniques for securing your attack surface. But first, let’s get the basics right. What is penetration testing? In simple terms, it’s the practice of identifying vulnerabilities, weaknesses, or

Insecure Direct Object Reference (IDOR) Vulnerabilities: Understanding, Exploiting, and Detecting

Introduction Insecure Direct Object Reference, or IDOR, is a common security vulnerability that exposes sensitive data and allows unauthorized access to resources. It is a critical issue that often appears in the OWASP Top Ten, a list of the most prevalent security risks in web applications. In this blog post, we will discuss what IDOR

OWASP Top Ten – Cryptographic Failures

Cryptographic Failures The world of cybersecurity is constantly evolving as new threats and vulnerabilities emerge. The Open Web Application Security Project (OWASP) Top Ten is a widely recognized list of the most critical security risks to web applications. One of the entries on this list is Cryptographic Failures, a crucial concern for businesses and developers

OWASP Top Ten – Server Side Request Forgery (SSRF)

What is an SSRF? Server Side Request Forgery (SSRF) is a security vulnerability that occurs when an attacker is able to make HTTP requests to an internal or external system from a vulnerable server, effectively using the server as a proxy. This can expose sensitive data, internal resources, or potentially allow the attacker to perform

Insecure Deserialization

Introduction Insecure deserialization is a cybersecurity vulnerability that affects various programming languages, including C#, Java, PHP, Python, and others. This article explores the dangers of insecure deserialization, how it affects different languages, and how developers can mitigate the risks. Additionally, we will discuss the roles of penetration testing and source code reviews in helping companies

Phishing, Domain Names, and TLDs

As a small or medium-sized business owner, you may be aware of the threat of phishing attacks. Phishing is a common technique used by cybercriminals to trick people into giving away sensitive information such as usernames, passwords, or credit card numbers. One way to protect your business against these attacks is to buy common domain