Explore our latest blog posts and stay secure in a digital world.
We were motivated to write about it when few of our clients just instantly asked us about blocking all known malicious web attacks at web server level itself. We quickly suggested them an open source, reliable WAF solution that suffice to their requirement. Obviously, just installing WAF does not mean that you do not need application security controls.
There have been times when a penetration tester is not able to install iOS application on a physical device while performing iOS application security assessment. This can happen due to various reasons
Monday morning and you hear the great news. How does it feel? Just received an email fromCREST Australiathat I have cleared the exam and now I’m CREST certified professional…JI’m all excited…J
Recently, we have seen a massive increase in malware attacks. Hackers find weak holes (vulnerability) in system or application, exploit them to gain access and ends up infecting them with malware. The attack is usually targeted for huge set of audience i.e. website legitimate users.
Security study has again proved that most of the web application security attacks (approx 85% as per Gartner and NIST) are generated from application layer. It has always been a challenge for developers to validate parameters in URL, HTTP header, HTP request and non-editable fields on the page.
Many times I have encountered a problem with projects where large scanning of network host is required. In that case, you simply cannot expect your consultant to scan each host individually, analyze output and list down all vulnerable ports/services. Yes..we can even detect open ports with Nessus but still it has a host limitation per scan.
It is always been a pain to run Nessus when you have long list of IPs to be scanned within a short period of time. This typically happens when you are engaged in an internal pentest and you have multiple IPs to scan.
Recently, we got an opportunity to do a security hands-on on an Android native application. This application does not communicate to internet via HTTP protocol or mobile browser. The application communicates with the remote server over TCP on some XYZ port.
ColdFusion had several exploits in the past. ColdFusion 10 being the latest and stable release from Adobe it was hard to find any ready exploits.
Join our newsletter today and enhance your knowledge with valuable insights. It's quick, easy, and free!