In this post, we’ll dive into the definitions and differences between white box, black box, and grey box testing so that you can better understand these essential techniques for securing your attack surface. But first, let’s get the basics right. What is penetration testing? In simple terms, it’s the practice of identifying vulnerabilities, weaknesses, or
Introduction As mobile app developers, we are constantly striving to create secure and reliable applications for our users. To achieve this, we often employ various security measures such as certificate pinning and root detection. While these practices undoubtedly enhance the security of a mobile app, it’s important to understand that no solution is ever completely
Introduction Insecure Direct Object Reference, or IDOR, is a common security vulnerability that exposes sensitive data and allows unauthorized access to resources. It is a critical issue that often appears in the OWASP Top Ten, a list of the most prevalent security risks in web applications. In this blog post, we will discuss what IDOR
Intro With the ever increasing use of mobile applications in various aspects of our lives, ensuring the security and privacy of users has become a top priority for developers and organizations alike. As mobile applications store and process sensitive data, securing them against potential attacks is of utmost importance. The Open Web Application Security Project
Cross-site Scripting (XSS) is a prevalent security vulnerability in web applications that allows attackers to inject malicious scripts into web pages viewed by users. In this blog post, we will explore the concept of reflected XSS, compare it with stored and DOM XSS, and discuss if reflected XSS can also be stored or DOM XSS.
Internet of What? The Internet of Things (IoT) penetration testing is needed more than ever as IoT devices have become an essential component of our everyday lives, with smart devices seamlessly integrating into various aspects of our routines. From wearable fitness trackers to smart home appliances, the IoT ecosystem is growing exponentially, promising greater convenience,
OWASP Top Ten – Cryptographic Failures The world of cybersecurity is constantly evolving as new threats and vulnerabilities emerge. This includes Cryptographic Failures. The Open Web Application Security Project (OWASP) Top Ten is a widely recognized list of the most critical security risks to web applications. One of the entries on this list is Cryptographic
What is an SSRF? The next entry in our OWASP Top Ten Series covers Server Side Request Forgeries. Server Side Request Forgery (SSRF) is a security vulnerability that occurs when an attacker is able to make HTTP requests to an internal or external system from a vulnerable server, effectively using the server as a proxy.