What are Weak Hashing Algorithms
In your vulnerability scanner of choice you may have seen “SSL Certificate signed using weak hashing algorithm”, but what is this? This refers to a security vulnerability in the SSL/TLS certificate used by a website. A hashing algorithm is used...
Data Privacy Day
What is Data Privacy? Data privacy is a critical issue in today’s digital age, as more and more personal information is being collected, stored, and shared by companies and organizations. It is important to ensure that individuals’ personal information is...
Taking Over Organizr Accounts
Today we have another rate-limiting issue. While this one is not as impactful as the previous one – it’s still fun. Organizr is a self-hosted application written in PHP that basically helps you self-host other services at your home. It’s...
TutorTrac Multiple Stored XSS
Brackish researchers found authenticated stored cross-site scripting (XSS) in TutorTrac version <= 4.2.170210. An authenticated attacker could utilize crafted input in several locations throughout the application to perform XSS attacks. This is a standard stored XSS attack...
OWASP Top Ten – Insufficient Logging & Monitoring
This week’s entry in the OWASP Top Ten series is Insufficient Logging & Monitoring. This is one of those things that organizations often don’t realize they are missing until it is too late. People sometimes overlook...
OWASP Top Ten – Vulnerable and Outdated Components
This is the first post in a series of posts that will cover the OWASP Top Ten. Today’s post will cover Vulnerable and Outdated Components. This is a very common vulnerability found in nearly every penetration...
Why Your Business Needs A Penetration Test
A penetration test is a method of security testing that can help you identify vulnerabilities and prevent hackers from stealing your business’s data. Penetration testing is a critical part of any cybersecurity strategy, but many businesses don’t even know...
What is Zero Trust?
Zero trust is a security concept that has gained popularity in recent years due to the increasing complexity and sophistication of cyber threats. It is based on the premise that no one, whether they are inside or outside an organization,...
Credentials Gone Wild
If there is one thing that Brackish testers have seen a lot lately, it is default credentials. In five out of the last five engagements performed by Brackish, testers have found default credentials in use. In several of these instances,...
A Password Manager for Enhanced Cybersecurity
You have all your passwords written on a piece of paper in the drawer next to you. You have all your passwords in a spreadsheet that is located on your desktop. You use the same password for every site. Or...
