Penetration Testing: White Box, Black Box, and Grey Box Testing
In this post, we’ll dive into the definitions and differences between white box, black box, and grey box testing so that you can better understand these essential techniques for securing your attack surface. But first, let’s get the basics right....
Insecure Direct Object Reference (IDOR) Vulnerabilities: Understanding, Exploiting, and Detecting
Introduction Insecure Direct Object Reference, or IDOR, is a common security vulnerability that exposes sensitive data and allows unauthorized access to resources. It is a critical issue that often appears in the OWASP Top Ten, a list of the most...
Reflected XSS: Differences and Relationship with Stored and DOM XSS
scripts into web pages viewed by users. In this blog post, we will explore the concept of reflected XSS, compare it with stored and DOM XSS, and discuss if reflected XSS can also be stored or DOM XSS. Reflected XSS:...
Unraveling the Intricacies of IoT Penetration Testing
Internet of What? The Internet of Things (IoT) penetration testing is needed more than ever as IoT devices have become an essential component of our everyday lives, with smart devices seamlessly integrating into various aspects of our routines. From wearable...
OWASP Top Ten – Cryptographic Failures
The world of cybersecurity is constantly evolving as new threats and vulnerabilities emerge. This includes Cryptographic Failures. The Open Web Application Security Project (OWASP) Top Ten is a widely recognized list of the most critical security risks to web applications....
OWASP Top Ten – Server Side Request Forgery (SSRF)
What is an SSRF? The next entry in our OWASP Top Ten Series covers Server Side Request Forgeries. Server Side Request Forgery (SSRF) is a security vulnerability that occurs when an attacker is able to make HTTP requests to an...
IoT Testing
Here at Brackish, we’ve recently received inquiries from several customers in regards to testing their IoT devices. We took a look at our current roster of testers and while we do have some experience testing IoT devices, it wasn’t something...
Insecure Deserialization
Introduction Insecure deserialization is a cybersecurity vulnerability that affects various programming languages, including C#, Java, PHP, Python, and others. This article explores the dangers of insecure deserialization, how it affects different languages, and how developers can mitigate the risks. Additionally,...
Phishing, Domain Names, and TLDs
As a small or medium-sized business owner, you may be aware of the threat of phishing attacks. Phishing is a common technique used by cybercriminals to trick people into giving away sensitive information such as usernames, passwords, or credit card...
Local Administrator Accounts
Local administrator accounts are commonly used in Active Directory/internal networks to manage individual computers. These accounts have full control over the local computer, which can be a security risk if used carelessly. The use of local administrator accounts should be...