Security Blog

Feature development & monitoring tips

Category: Web Application

November 4, 2022

Why is CREST OVS Important?

CREST OVS was released last week and focuses on improving the testing standards for web applications. Today we give a brief insight into its importance and why it matters.

July 18, 2022

OWASP Top Ten: Insecure Design

A new addition to the OWASP Top Ten, Insecure Design is one of the leading causes of data breaches today. By understanding and avoiding these patterns, you can make your web applications more secure. In this blog post, we will give you a brief overview of Insecure Design and provide […]

July 7, 2022

OWASP Top Ten: Cryptographic Failures

Cryptographic Failures are a major security problem. They can lead to data breaches, identity theft, and other serious problems. The Open Web Application Security Project (OWASP) has identified ten major failures. These failures can be divided into three categories: cryptographic design flaws, cryptographic implementation errors and cryptographic key management. What […]

July 4, 2022

OWASP Top Ten: Injection

Injection is one of the top OWASP vulnerabilities for a reason. It can allow attackers to inject their own malicious code into programs, which can result in serious security breaches. This blog post will discuss what injection is, how it occurs, and some of the most common attack vectors. We will […]

February 17, 2020

PHP Deserialisation/Object Injection

PHP deserialization vulnerabilities are rarely seen on greybox application assessments; however, these should not be overlooked. This blog will look at PHP deserialization/object injection, covering how these vulnerabilities can be spotted and the exploit code required to read local files.

January 10, 2020

Masquerade, cracking hashes with known formats

As a penetration tester, cracking hashes can be a great post-exploitation activity, both for the fun and for the value to a client, providing a great way of showing the severity of an issue (but mostly for the fun). In this blog I’ll show you an in-depth look at cracking hashes with known formats.
