
Our Latest Blogs

Explore our latest blog posts and stay secure in a digital world.

Configuring ModSecurity with OWASP CRS – Part 1
September 25, 2024
Blacklock

We were motivated to write about this when a few of our clients instantly asked us about blocking all known malicious web attacks at the web server level itself. We quickly suggested to them an open source, reliable WAF solution that suffices for their requirement. Obviously, just installing a WAF does not mean that you do not need application security controls.

Local Data Storage Analysis with iOS Simulator
September 25, 2024
Blacklock

There have been times when a penetration tester is not able to install an iOS application on a physical device while performing an iOS application security assessment. This can happen due to various reasons.

Way to go – CREST Certified
September 25, 2024
Blacklock

Monday morning and you hear the great news. How does it feel? Just received an email from CREST Australia that I have cleared the exam and now I’m a CREST certified professional… :) I’m all excited… :)

Malware Attack Analysis
September 25, 2024
Blacklock

Recently, we have seen a massive increase in malware attacks. Hackers find weak holes (vulnerabilities) in a system or application, exploit them to gain access and end up infecting them with malware. The attack is usually targeted at a huge audience, i.e. the website's legitimate users.

Data Validation Framework – HDIV at a Glance
September 25, 2024
Blacklock

Security studies have again proved that most web application security attacks (approx. 85% as per Gartner and NIST) are generated from the application layer. It has always been a challenge for developers to validate parameters in the URL, HTTP header, HTTP request and non-editable fields on the page.

Automating NMAP Capabilities
September 25, 2024
Blacklock

Many times I have encountered a problem with projects where large-scale scanning of network hosts is required. In that case, you simply cannot expect your consultant to scan each host individually, analyze the output and list all vulnerable ports/services. Yes, we can even detect open ports with Nessus, but it still has a host limitation per scan.

Multiple IP Nessus 5.2 Automation Script
September 25, 2024
Blacklock

It has always been a pain to run Nessus when you have a long list of IPs to be scanned within a short period of time. This typically happens when you are engaged in an internal pentest and you have multiple IPs to scan.

Intercepting Android Native Application
September 25, 2024
Blacklock

Recently, we got an opportunity to do a security hands-on on an Android native application. This application does not communicate with the internet via the HTTP protocol or a mobile browser. The application communicates with the remote server over TCP on some XYZ port.

ColdFusion 10 Remote File Disclosure Exploit
September 25, 2024
Blacklock

ColdFusion has had several exploits in the past. With ColdFusion 10 being the latest and stable release from Adobe, it was hard to find any ready exploits.
