OWASP Top Ten – Broken Access Control
First things first, did you know that the OWASP acronym has changed from Open Web Application Security Project to Open Worldwide Application Security Project? Neither did we! But onto the real stuff. Today we have another entry in the OWASP...
The Shield of Cyberspace: Understanding Web Application Firewalls
Introduction In our digital age, data security has grown into an essential necessity, not just a luxury. As companies depend heavily on web applications to offer their services, protecting these platforms against cyber threats becomes crucial. Here enters the Web...
Penetration Testing: White Box, Black Box, and Grey Box Testing
In this post, we’ll dive into the definitions and differences between white box, black box, and grey box testing so that you can better understand these essential techniques for securing your attack surface. But first, let’s get the basics right....
Insecure Direct Object Reference (IDOR) Vulnerabilities: Understanding, Exploiting, and Detecting
Introduction Insecure Direct Object Reference, or IDOR, is a common security vulnerability that exposes sensitive data and allows unauthorized access to resources. It is a critical issue that often appears in the OWASP Top Ten, a list of the most...
Reflected XSS: Differences and Relationship with Stored and DOM XSS
scripts into web pages viewed by users. In this blog post, we will explore the concept of reflected XSS, compare it with stored and DOM XSS, and discuss if reflected XSS can also be stored or DOM XSS. Reflected XSS:...
Unraveling the Intricacies of IoT Penetration Testing
Internet of What? The Internet of Things (IoT) penetration testing is needed more than ever as IoT devices have become an essential component of our everyday lives, with smart devices seamlessly integrating into various aspects of our routines. From wearable...
OWASP Top Ten – Cryptographic Failures
The world of cybersecurity is constantly evolving as new threats and vulnerabilities emerge. This includes Cryptographic Failures. The Open Web Application Security Project (OWASP) Top Ten is a widely recognized list of the most critical security risks to web applications....
OWASP Top Ten – Server Side Request Forgery (SSRF)
What is an SSRF? The next entry in our OWASP Top Ten Series covers Server Side Request Forgeries. Server Side Request Forgery (SSRF) is a security vulnerability that occurs when an attacker is able to make HTTP requests to an...
IoT Testing
Here at Brackish, we’ve recently received inquiries from several customers in regards to testing their IoT devices. We took a look at our current roster of testers and while we do have some experience testing IoT devices, it wasn’t something...
Insecure Deserialization
Introduction Insecure deserialization is a cybersecurity vulnerability that affects various programming languages, including C#, Java, PHP, Python, and others. This article explores the dangers of insecure deserialization, how it affects different languages, and how developers can mitigate the risks. Additionally,...