Taking on the “Haters”: Pentesting User Session Vulnerabilities
In this post about pentesting user session vulnerabilities, we discuss the necessity of the validation and sanitation of URLs.
Successful mitigation of today’s security threats requires an approach that is both on the offensive and on the defensive. Here, we give our take on how to approach and handle specific security challenges, as well as our reaction to some of the latest industry topics.
Azure Security Center can identify and fix vulnerabilities on your cloud resources, but if you’re having issues, we can help.
Having multi-factor authentication is great – but it is only one piece of the security puzzle and won’t work completely on its own.
DirectDefense performs Red Team engagements for its clients as a standard service. During many physical Red Team engagements, we are met with physical access control systems that use RFID or NFC to provide authorized users access to certain areas of buildings. These systems are often used to control entry into a building, or control access…
During application testing, most SQL injection attacks are mundane. Often, when there is one SQL injection, there are many–and they are easily exploitable with tools like sqlmap. Occasionally, an application is largely protected against SQL injection, but something interesting happens on a test. A tester manually validates a SQL injection vulnerability based on server responses,…
Learn how to prevent the exploitation of Amazon S3 buckets with weak permissions from one of our security consultants.
Turn Your Software Development Security into a Repeatable Engineering Process
Companies have long viewed application security testing as a black art that’s dependent upon a small number of experts wielding arcane tools to find vulnerabilities and develop exploits. However, as the velocity of software development increases, the old way of running security tests becomes less…
Interested in building your own mobile application testing lab? We’re here to help. A key aspect of testing mobile applications is the ability to observe and modify network traffic. Learn how to use a router with modified firmware to perform HTTP/HTTPS-based traffic interception.
3 Methods for Intercepting Traffic
1. ARP cache poisoning
Testers can use…
PCI Scope reduction is a great way to make PCI compliance simpler and to reduce risk. PCI Scope reduction reduces the attack surface area and the number of systems that must be maintained to the PCI standards…. “Less is more.” This blog post discusses web page redirects, which are an excellent method to get many…
Tokenization techniques are rapidly evolving to address PCI scope reduction efforts and securing cardholder data from breaches. PCI scope reduction is integral in simplifying PCI compliance and reducing risk overall in the environment. Effectively minimizing attack surface area and limiting the number of systems assessed to PCI standards, scope reduction is crucial. The issue of…