Tag: pentest

Is Caido The New Burp?

There has been some buzz around Caido recently – a contender to the Burp crown. Brackish Security testers recently sat down and tried Caido out on some real pentests. Our findings follow. Keep in mind that Caido is still fairly new, while Burp has been in development and use for a very long time. Additionally,

Penetration Testing: White Box, Black Box, and Grey Box Testing

In this post, we’ll dive into the definitions and differences between white box, black box, and grey box testing so that you can better understand these essential techniques for securing your attack surface. But first, let’s get the basics right. What is penetration testing? In simple terms, it’s the practice of identifying vulnerabilities, weaknesses, or

Certificate Pinning and Root Detection: Helpful but Not Unhackable

Introduction As mobile app developers, we are constantly striving to create secure and reliable applications for our users. To achieve this, we often employ various security measures such as certificate pinning and root detection. While these practices undoubtedly enhance the security of a mobile app, it’s important to understand that no solution is ever completely

Insecure Direct Object Reference (IDOR) Vulnerabilities: Understanding, Exploiting, and Detecting

Introduction Insecure Direct Object Reference, or IDOR, is a common security vulnerability in which an application exposes a reference to an internal object (a record ID, a filename, a user number) and lets a caller reach that object without checking whether they are authorized to. It exposes sensitive data and allows unauthorized access to resources, and it falls under Broken Access Control in the OWASP Top Ten, the list of the most prevalent security risks in web applications. In this blog post, we will discuss what IDOR
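The pattern the excerpt describes, as an added example that is not code from the Brackish post: a handler that authenticates the caller but never authorizes the object, its hardened form, and a probe of the kind a tester would run to detect the flaw. The invoice data, usernames and sequential IDs are constructed for the example.

```python
"""Added example (not from the original post): an IDOR-style handler, its
hardened form, and a probe that detects the flaw by reading, as one user,
objects that belong to another. All data below is constructed."""

from dataclasses import dataclass
from typing import Callable, Optional


@dataclass(frozen=True)
class Invoice:
    invoice_id: int
    owner: str
    amount_cents: int


# Constructed sample data: sequential, guessable IDs, as in a typical IDOR.
INVOICES = {
    1001: Invoice(1001, "alice", 12_500),
    1002: Invoice(1002, "bob", 99_900),
    1003: Invoice(1003, "alice", 4_200),
}


def get_invoice_vulnerable(session_user: str, invoice_id: int) -> Optional[Invoice]:
    """Vulnerable: the caller is authenticated (session_user is known) but the
    object is never authorized, so any logged-in user can read any invoice
    just by changing the ID in the request."""
    return INVOICES.get(invoice_id)


def get_invoice_hardened(session_user: str, invoice_id: int) -> Optional[Invoice]:
    """Hardened: the lookup is scoped to the caller. Unknown and foreign IDs
    both yield None so the response does not reveal which IDs exist."""
    invoice = INVOICES.get(invoice_id)
    if invoice is None or invoice.owner != session_user:
        return None
    return invoice


Handler = Callable[[str, int], Optional[Invoice]]


def probe_idor(handler: Handler, attacker: str, candidate_ids: range) -> list[int]:
    """Detection: acting as `attacker`, walk a range of IDs and report every
    object returned that the attacker does not own. A non-empty result is
    direct evidence of IDOR."""
    leaked = []
    for invoice_id in candidate_ids:
        invoice = handler(attacker, invoice_id)
        if invoice is not None and invoice.owner != attacker:
            leaked.append(invoice_id)
    return leaked


if __name__ == "__main__":
    # bob should only ever see invoice 1002.
    print("vulnerable handler leaks:", probe_idor(get_invoice_vulnerable, "bob", range(1000, 1010)))
    print("hardened handler leaks:  ", probe_idor(get_invoice_hardened, "bob", range(1000, 1010)))
```

In a real test the probe compares against objects you know belong to a second account you control, rather than trusting an `owner` field in the response; the shape of the check is the same.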

OWASP Mobile Application Security Testing Guide (MASTG)

Intro With the ever increasing use of mobile applications in various aspects of our lives, ensuring the security and privacy of users has become a top priority for developers and organizations alike. As mobile applications store and process sensitive data, securing them against potential attacks is of utmost importance. The Open Web Application Security Project

Unraveling the Intricacies of IoT Penetration Testing

Internet of What? The Internet of Things (IoT) has become an essential component of our everyday lives, with smart devices seamlessly integrating into various aspects of our routines. From wearable fitness trackers to smart home appliances, the IoT ecosystem is growing exponentially, promising greater convenience, efficiency, and personalization. However, this rapid expansion comes with its

OWASP Top Ten – Cryptographic Failures

Cryptographic Failures The world of cybersecurity is constantly evolving as new threats and vulnerabilities emerge. The Open Web Application Security Project (OWASP) Top Ten is a widely recognized list of the most critical security risks to web applications. One of the entries on this list is Cryptographic Failures, a crucial concern for businesses and developers

OWASP Top Ten – Server Side Request Forgery (SSRF)

What is an SSRF? Server Side Request Forgery (SSRF) is a security vulnerability that occurs when an attacker can induce a vulnerable server to make requests (typically HTTP) to internal or external systems of the attacker's choosing, effectively using the server as a proxy. This can expose sensitive data, internal resources, or potentially allow the attacker to perform
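The proxy behaviour described above is usually reached through a feature that fetches a user-supplied URL. As an added example that is not code from the Brackish post, the following validates such a URL before the server fetches it: it restricts the scheme, resolves the hostname, and refuses any address that is not globally routable (loopback, RFC 1918, link-local including the 169.254.169.254 cloud metadata address, and so on). The resolver is injectable; the hostnames, addresses and the `constructed_resolver` table are constructed for the example so it runs offline.

```python
"""Added example (not from the original post): vetting a user-supplied URL
so the server cannot be turned into a proxy to internal addresses. The
hostnames and addresses in CONSTRUCTED_DNS are made up for the example."""

import ipaddress
import socket
from typing import Callable, Iterable
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}

Resolver = Callable[[str], Iterable[str]]


def system_resolver(host: str) -> list[str]:
    """Resolve with the OS resolver; returns every A/AAAA address found."""
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})


# Constructed DNS table so the example and its checks run offline.
CONSTRUCTED_DNS = {
    "api.example.com": ["93.184.216.34"],
    "mixed.example.com": ["93.184.216.34", "10.0.0.5"],  # one public, one internal
    "internal.corp": ["10.0.0.5"],
    "localhost": ["127.0.0.1"],
}


def constructed_resolver(host: str) -> list[str]:
    """Stand-in for DNS: IP literals resolve to themselves, names via the table."""
    try:
        ipaddress.ip_address(host)
        return [host]
    except ValueError:
        return CONSTRUCTED_DNS.get(host, [])


def is_public_address(addr: str) -> bool:
    """Accept only globally routable unicast addresses. ipaddress.is_global
    already excludes loopback, RFC 1918, link-local (which covers the
    169.254.169.254 metadata endpoint), CGNAT, documentation ranges and
    IPv4-mapped IPv6; multicast is excluded explicitly for older Pythons."""
    ip = ipaddress.ip_address(addr)
    return ip.is_global and not ip.is_multicast


def validate_fetch_target(url: str, resolve: Resolver = system_resolver) -> str:
    """Return the single vetted IP the fetcher must connect to, or raise
    ValueError. Connecting to the returned IP rather than re-resolving the
    hostname is what closes the DNS-rebinding time-of-check/time-of-use gap."""
    parts = urlsplit(url)
    if parts.scheme not in ALLOWED_SCHEMES:
        raise ValueError(f"scheme not allowed: {parts.scheme!r}")
    if parts.username or parts.password:
        raise ValueError("credentials in URL are not allowed")
    host = parts.hostname
    if not host:
        raise ValueError("missing host")
    addresses = list(resolve(host))
    if not addresses:
        raise ValueError(f"{host} did not resolve")
    # Every address must be public: a name with one public and one internal
    # record is still an SSRF vector, since the client may pick either.
    for addr in addresses:
        if not is_public_address(addr):
            raise ValueError(f"{host} resolves to non-public address {addr}")
    return addresses[0]


def is_allowed_target(url: str, resolve: Resolver = system_resolver) -> bool:
    """Boolean convenience wrapper around validate_fetch_target."""
    try:
        validate_fetch_target(url, resolve)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    for candidate in ("https://api.example.com/report",
                      "http://169.254.169.254/latest/meta-data/",
                      "http://localhost/admin",
                      "file:///etc/passwd",
                      "http://mixed.example.com/"):
        print(f"{candidate:45} allowed={is_allowed_target(candidate, constructed_resolver)}")
```

Two caveats a practitioner will want beyond this check: redirects must be disabled or each hop re-validated, since a public host can 302 to an internal address, and the HTTP client must be pointed at the vetted IP (with the Host header set to the original name) so a rebinding DNS answer cannot change the target between the check and the connect.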