Category: Technical

Why Mobile Device Security Matters More Than Most Think

Mobile devices are often one of the most overlooked assets from a security perspective. Many people are under the false assumption that mobile devices “can’t get viruses”, “aren’t important”, or that they can ignore mobile updates, when in fact, these devices often store more critical data than people realize, yet statistically are barely more secure… Read more »

Your Detailed Out-of-Office Autoresponder Could be Putting Your Organization’s Email Security at Risk

Tips for Writing Safe but Still Helpful OOO Email Messages. The spirit of the out-of-office autoresponder has never been about email security. Instead, it has traditionally been about providing helpful contact information in the event that a coworker or a customer in need of assistance emails you while you’re away. Simple. But it’s 2021, and… Read more »

I’ve Got 4658 Problems, and All of Them Are in Security Center

Overwhelmed by Azure Security Center? We can help. Azure Security Center can help identify and remediate vulnerabilities on your cloud resources that might go unnoticed. Security Center provides a unified security management system that can provide security insights, detect vulnerabilities and best practice deficiencies, as well as protect against threats. But as your environment grows,… Read more »

Limited Length SQL Injection

Limited Length SQL Injection

During application testing, most SQL injection attacks are mundane. Often, when there is one SQL injection, there are many–and they are easily exploitable with tools like sqlmap. Occasionally, an application is largely protected against SQL injection, but something interesting happens on a test. A tester manually validates a SQL injection vulnerability based on server responses,… Read more »

Improving Application Security Through Automated Testing

Improving Application Security Through Automated Testing

Turn Your Software Development Security into a Repeatable Engineering Process Companies have long viewed application security testing as a black art that’s dependent upon a small number of experts wielding arcane tools to find vulnerabilities and develop exploits. However, as the velocity of software development increases, the old way of running security tests becomes less… Read more »

How to Build Your Own Mobile Application Testing Lab

How to Build Your Own Mobile Application Testing Lab

A key aspect of testing mobile applications is the ability to observe and modify network traffic. Learn how to use a router with modified firmware to perform HTTP/HTTPS-based traffic interception. 3 Methods for Intercepting Traffic 1. ARP cache poisoning Testers can use man-in-the-middle tools such as Bettercap to force mobile device traffic to a proxy… Read more »