Tag: penetration testing


Cybersecurity Awareness Month

October is Cybersecurity Awareness Month, and at Brackish Security, we’re not just marking our calendars – we’re taking action! We understand the devastating impacts phishing attacks can have on individuals and organizations alike. That’s why we’re excited to introduce our ‘Free Phishing Campaign’ in honor of Cybersecurity Awareness Month. Understanding Phishing Phishing is a

OWASP Top Ten – Insecure Design

Insecure Design was a new entry when the latest version of the OWASP Top Ten was released in 2021. And really, what it gets at is a good lesson – designing an application with security in mind can go a long way in ensuring that the end product is robust against all sorts of vulnerabilities.

OWASP Top Ten – Security Misconfiguration

What exactly is a Security Misconfiguration? It seems kind of nebulous, right? Well, that’s because it is. This vulnerability covers a wide range of issues that are some of the most prevalent in the wild and manifests in different forms—unnecessary default settings, overly verbose error handling, and unprotected files and directories, to name a few.

OWASP Top Ten – Broken Access Control

First things first, did you know that the OWASP acronym has changed from Open Web Application Security Project to Open Worldwide Application Security Project? Neither did we! But onto the real stuff. Today we have another entry in the OWASP Top Ten Series – Broken Access Control. This is one of the most prevalent vulnerabilities

Is Caido The New Burp?

There has been some buzz around Caido recently – a contender to the Burp crown. Brackish Security testers recently sat down and tried Caido out on some real pentests. Our findings follow. Keep in mind that Caido is still fairly new, while Burp has been in development and use for a very long time. Additionally,

Microsoft OAuth Open Redirect

What is an open redirect? Open redirects are a web application vulnerability that allows an attacker to redirect a user to a malicious website. It can also be used to phish a user’s credentials, deliver malware, and sometimes perform XSS. An oft-used example is as follows: Upon clicking this link, a victim is redirected