Tag: owasp

TLS Versions Explained

Transport Layer Security (TLS) is a widely-used protocol for securing communications on the internet. TLS is responsible for establishing a secure and encrypted connection between two communicating devices, ensuring that the data transmitted between them is protected from eavesdropping, tampering, and other attacks. TLS has undergone several revisions over the years, with TLS 1.0 and

Why you need a DMZ

Why you need a DMZ In today’s interconnected world, network design and segmentation are crucial for the security and performance of an organization’s IT infrastructure. A well-designed network should be segmented to isolate critical assets and minimize the impact of a potential security breach. One common approach to network segmentation is the use of a

Chamberlain myQ Account Takeover

Introduction A Brackish Security researcher recently uncovered a vulnerability affecting the myQ iOS application that allows an attacker to take over arbitrary user accounts. This issue was discovered in iOS application version 5.222.0.32277. No other versions were tested, but it is possible that multiple versions and platforms use the same APIs with vulnerable functionality. This

OWASP Top Ten – Injection

OWASP Top Ten – Injection Today’s entry in the OWASP Top Ten series is Injection. If we are going to call a vulnerability a classic, this would be it. In the latest version of the OWASP Top Ten, the venerable vulnerability Cross Site Scripting has been combined with other classic injections, such as SQL injection,

TutorTrac Multiple Stored XSS

TutorTrac Multiple Stored XSS Brackish researchers found authenticated stored cross-site-scripting (XSS) in TutorTrac version <= 4.2.170210. An authenticated attacker could utilize crafted input in several locations throughout the application to perform XSS attacks. This is a standard stored XSS attack that can be used to steal user’s sessions cookies, amongst other things.   Injection is a

OWASP Top Ten – Insufficient Logging & Monitoring

Insufficient Logging & Monitoring This week’s entry in the OWASP Top Ten series is Insufficient Logging & Monitoring. This is one of those things that organizations often don’t realize they are missing until it is too late. People sometimes overlook this one because it’s not an attack or a threat in the common usage of

OWASP Top Ten – Vulnerable and Outdated Components

Vulnerable and Outdated Components This is the first post in a series of posts that will cover the OWASP Top Ten. Today’s post will cover Vulnerable and Outdated Components. This is a very common vulnerability found in nearly every penetration test. It basically boils down to using software that has not been updated and/or software