Beyond the Breach: The Essential Role of Regular Penetration Testing in Safeguarding Organizational Reputation

In today’s interconnected world, cyber resilience is not just about protecting data but is closely tied to an organization’s reputation and trustworthiness. A cyberattack doesn’t only translate to financial losses but can significantly tarnish a company’s image. A case in point is the recent cyberattack on Clorox, emphasizing the imperative of preemptive measures, particularly regular

Guarding the Digital Front Door: The External Penetration Test

The demand and pressure for penetration testing services are growing every day – ethical hackers are racing to find all the vulnerabilities before the not so ethical ones do. The subject of penetration testing has expanded and deepened, with each specific area, whether web application, IoT, wireless, or even mobile, carrying significant importance. Arguably, the

White Box Web Application Testing for Pentesters and Bug Bounty Hunters

White box web application penetration testing is one of my favorite things to do in the security world. If you’re new to this, “white box” means you have access to the source code of the application you’re testing. Keep in mind that the vast majority of what I will discuss in this post actually applies

Cybersecurity Awareness Month

October is the Cybersecurity Awareness Month, and at Brackish Security, we’re not just marking our calendars – we’re taking action! We understand the devastating impacts phishing attacks can have on individuals and organizations alike. That’s why we’re excited to introduce our ‘Free Phishing Campaign’ in honor of Cybersecurity Awareness Month. Understanding Phishing Phishing is a

OWASP Top Ten – Insecure Design

Insecure Design was a new entry when the latest version of the OWASP Top Ten was released in 2021. An really, what it gets at is a good lesson – Designing an application with security in mind can go a long way in ensuring that the end product is robust against all sorts of vulnerabilities.

OWASP Top Ten – Security Misconfiguration

What exactly is a Security Misconfiguration? It seems kind of nebulous, right? Well, that’s because it is. This vulnerability covers a wide range of issues that are some of the most prevalent in the wild and manifests in different forms—unnecessary default settings, overly verbose error handling, and unprotected files and directories, to name a few.

OWASP Top Ten – Broken Access Control

First things first, did you know that the OWASP acronym has changed from Open Web Application Security Project to Open Worldwide Application Security Project? Neither did we! But onto the real stuff. Today we have another entry in the OWASP Top Ten Series – Broken Access Control. This is one of the most prevalent vulnerabilities

Is Caido The New Burp?

There has been some buzz around Caido recently – a contender to the Burp crown. Brackish Security testers recently sat down and tried Caido out on some real pentests. Our findings follow. Keep in mind that Caido is still fairly new, while Burp has been in development and use for a very long time. Additionally,