In our previous blog, we discussed the rising importance of security testing, and in particular red teaming, to mitigate the plethora of risks associated with managing your data in today’s digital world. Continue reading
Based on our experience over the last year, companies large and small are ramping up their security testing measures – and this comes as no surprise given the scale of the threats facing businesses in the digital era.
During a recent test, I ran into a curious SQL injection vulnerability that required some old but still valid tricks to bypass certain restrictions, and then some imagination to fully exploit it and get command execution on the vulnerable server. Continue reading
Back in May 2017, I reviewed the release candidate (RC1) version of OWASP (Open Web Application Security Project) Top Ten Web Vulnerabilities for 2017, which as stated within the previous blog entry, has been eventually rejected.
Encryption in mobile devices is tricky and often developers do not fully understand the mechanisms that iOS and Android, the most common operating systems for mobile devices, provide to ensure data stored on the devices remains relatively secure. Continue reading