Blog - Pentest People

Catching Subtle User Enumeration Issues

One of the most common vulnerabilities present in web applications today is valid user enumeration. In this blog I'll go over how to spot these errors and ultimately avoid them.

Email Address Validation

There are many ways to validates an email address, so let's have a look and talk about which method is best.

SQL Injection Is Still An Issue

As SQL is still the most common vulnerability in the OWASP Top 10, let's take a quick look at how this vulnerability is still exploitable.

We are all aware of IPv6 but are we aware of the current threats associated with default configurations? What is the new threat landscape with IPv6? Should we turn a blind eye and hope it disappears? In this blog series I'll cover the most relevant IPv6 details and attacks over a 2 part series.

Pentest People Awarded Place on G-Cloud 11 Framework

This week Pentest People have not only become a CHECK service provider authorised by the NCSC, but also awarded a place on the G-Cloud 11 framework. Authorised by the UK Government. Our services are now easily available for any company/organisation operating within the public sector via G-Cloud.

Pentest People Achieve CHECK Accreditation

Pentest People are proud to announce that we have been accredited as a CHECK Service Provider. Authorised by the NCSC (National Cyber Security Centre).

Help Me, Git. You’re My Only Hope.

Git is a great Version Control System, we all probably use it everyday without thinking what else it can be used for apart from version control. With some plugins, a few extra commands and the use of one or two tools, it can improve your development skills and general day-to-day working life.

NoSQL Injection

SQL Injection is a very common critical vulnerability and for years it has been listed in the OWASP Top 10. Many developers are aware of it and know how to prevent it. But with the rise of NoSQL databases are you familiar with potential NoSQL injection vulnerabilities?

Reverse Engineering Android Applications to Discover Hard Coded Credentials (APK’s)

Mobile phone applications have quickly become a part of our daily lives. To date, there are over 2.6 million applications on the Google Play store alone. In this article we will be looking at reverse engineering Android applications to find hard coded credentials. These credentials, in a real life scenario, would likely be hard coded API keys.

A Quick Burp Suite Sequencer Lab

Burp Suite Pro is arguably one of the most popular Web application testing tools available, and one that I myself have used for many years. It provides a variety of powerful automated and manual tools to interrogate applications and identify vulnerabilities. Yet there are certain tools within Burp Suite that most testers seldom use. One such tool is called ‘Sequencer’, a powerful automated solution for finding weaknesses in the ‘randomness’ of token values.

1 2 3 Next »

Infrastructure Penetration Testing

Web Application Penetration Testing

IT Health Check – ITHC for PSN Compliance

Remediation Consultancy Service

Cyber Essentials

GDPR Penetration Testing

Social Engineering Assessment

VPN Configuration Assessment

Firewall Ruleset Review

Network Device Security Review

Why Penetration Testing as a Service?

What is Included in PTaaS?

SecurePortal

Penetration Testing Methodology