There has been some buzz around Caido recently – a contender to the Burp crown. Brackish Security testers recently sat down and tried Caido out on some real pentests. Our findings follow. Keep in mind that Caido is still fairly new, while Burp has been in development and use for a very long time. Additionally,
In this post, we’ll dive into the definitions and differences between white box, black box, and grey box testing so that you can better understand these essential techniques for securing your attack surface. But first, let’s get the basics right. What is penetration testing? In simple terms, it’s the practice of identifying vulnerabilities, weaknesses, or
Introduction As mobile app developers, we are constantly striving to create secure and reliable applications for our users. To achieve this, we often employ various security measures such as certificate pinning and root detection. While these practices undoubtedly enhance the security of a mobile app, it’s important to understand that no solution is ever completely
Introduction Insecure Direct Object Reference, or IDOR, is a common security vulnerability that exposes sensitive data and allows unauthorized access to resources. It is a critical issue that often appears in the OWASP Top Ten, a list of the most prevalent security risks in web applications. In this blog post, we will discuss what IDOR
Intro With the ever increasing use of mobile applications in various aspects of our lives, ensuring the security and privacy of users has become a top priority for developers and organizations alike. As mobile applications store and process sensitive data, securing them against potential attacks is of utmost importance. The Open Web Application Security Project
Internet of What? The Internet of Things (IoT) has become an essential component of our everyday lives, with smart devices seamlessly integrating into various aspects of our routines. From wearable fitness trackers to smart home appliances, the IoT ecosystem is growing exponentially, promising greater convenience, efficiency, and personalization. However, this rapid expansion comes with its
Cryptographic Failures The world of cybersecurity is constantly evolving as new threats and vulnerabilities emerge. The Open Web Application Security Project (OWASP) Top Ten is a widely recognized list of the most critical security risks to web applications. One of the entries on this list is Cryptographic Failures, a crucial concern for businesses and developers
What is an SSRF? Server Side Request Forgery (SSRF) is a security vulnerability that occurs when an attacker is able to make HTTP requests to an internal or external system from a vulnerable server, effectively using the server as a proxy. This can expose sensitive data, internal resources, or potentially allow the attacker to perform