OWASP Top Ten – Insufficient Logging & Monitoring

Insufficient Logging & Monitoring This week’s entry in the OWASP Top Ten series is Insufficient Logging & Monitoring. This is one of those things that organizations often don’t realize they are missing until it is too late. People sometimes overlook this one because it’s not an attack or a threat in the common usage of […]

OWASP Top Ten – Vulnerable and Outdated Components

Vulnerable and Outdated Components This is the first post in a series of posts that will cover the OWASP Top Ten. Today’s post will cover Vulnerable and Outdated Components. This is a very common vulnerability found in nearly every penetration test. It basically boils down to using software that has not been updated and/or software […]

Why Your Business Needs A Penetration Test 

Introduction  A penetration test is a method of security testing that can help you identify vulnerabilities and prevent hackers from stealing your business’s data. Penetration testing is a critical part of any cybersecurity strategy, but many businesses don’t even know that it exists—let alone how to get started with one. In this article, we’ll cover […]

Microsoft OAuth Open Redirect

What is an open redirect? Open redirects are a web application vulnerability that allows an attacker to redirect a user to a malicious website. It can also be used to phish a user’s credentials, deliver malware, and sometimes perform XSS. An oft used example is as follows: Upon clicking this link, a victim is redirected […]

Zero Trust Brought to You by ChatGPT

Zero trust is a security concept that has gained popularity in recent years due to the increasing complexity and sophistication of cyber threats. It is based on the premise that no one, whether they are inside or outside an organization, should be trusted until they have been authenticated and authorized to access specific resources. This […]

Credentials Gone Wild

If there is one thing that Brackish testers have seen a lot lately, it is default credentials. In five out of the last five engagements performed by Brackish, testers have found default credentials in use. In several of these instances, these default credentials have led to highly critical issues in internal networks, external networks, and […]

A Password Manager for Enhanced Cybersecurity

You have all your passwords written on a piece of paper in the drawer next to you. You have all your passwords in a spreadsheet that is located on your desktop. You use the same password for every site. Or maybe you are extra secure because you change the numbers at the end of your […]