Certification Pinning and Root Detection: Helpful but Not Unhackable
Introduction As mobile app developers, we are constantly striving to create secure and reliable applications for our users. To achieve this, we often employ various security measures such as certificate pinning and root detection. While these practices undoubtedly enhance the...
OWASP Mobile Application Security Testing Guide (MASTG)
Intro With the ever increasing use of mobile applications in various aspects of our lives, ensuring the security and privacy of users has become a top priority for developers and organizations alike. As mobile applications store and process sensitive data,...
WordPress Security
WordPress is one of the most popular content management systems (CMS) in the world, powering over 40% of all websites on the internet. However, with great popularity comes a great responsibility to keep the WordPress installation secure. In this blog...
Why you need a DMZ
Why you need a DMZ In today’s interconnected world, network design and segmentation are crucial for the security and performance of an organization’s IT infrastructure. A well-designed network should be segmented to isolate critical assets and minimize the impact of...
Attack Surface Management
Introduction External attack surface management (ASM) refers to the process of identifying, analyzing, and mitigating security risks and vulnerabilities that originate from outside an organization’s network. The focus of external ASM is to protect against threats such as hackers, cybercriminals,...
What are Weak Hashing Algorithms
In your vulnerability scanner of choice you may have seen “SSL Certificate signed using weak hashing algorithm”, but what is this? This refers to a security vulnerability in the SSL/TLS certificate used by a website. A hashing algorithm is used...
Data Privacy Day
What is Data Privacy? Data privacy is a critical issue in today’s digital age, as more and more personal information is being collected, stored, and shared by companies and organizations. It is important to ensure that individuals’ personal information is...
Taking Over Organizr Accounts
Today we have another rate-limiting issue. While this one is not as impactful as the previous one – it’s still fun. Organizr is a self-hosted application written in PHP that basically helps you self-host other services at your home. It’s...
TutorTrac Multiple Stored XSS
TutorTrac Multiple Stored XSS Brackish researchers found authenticated stored cross-site-scripting (XSS) in TutorTrac version <= 4.2.170210. An authenticated attacker could utilize crafted input in several locations throughout the application to perform XSS attacks. This is a standard stored XSS attack...
OWASP Top Ten – Insufficient Logging & Monitoring
Insufficient Logging & Monitoring This week’s entry in the OWASP Top Ten series is Insufficient Logging & Monitoring. This is one of those things that organizations often don’t realize they are missing until it is too late. People sometimes overlook...