
Blog


By Nick

An Overview of OWASP Top 10 2017

May 12, 2017

The release candidate (RC1) version of OWASP (Open Web Application Security Project) Top Ten Web Vulnerabilities for 2017 has recently been published and it is currently undergoing a public comment period.

By guy

Adventures in Risk Assessments

May 03, 2017

ISO 27001 heavily uses risk assessments as part of the process of maintaining an Information Security Management System (ISMS).

By Ray

PCI DSS 3.2 and Changes to PCI SAQs

Oct 28, 2016

PCI DSS 3.2 became mandatory on the 1st of November 2016. This article will discuss changes introduced to the SAQs by the new version of the standard.

By Robin

The Risk of Data Recovery from Damaged Drives

Sep 08, 2016

One of the biggest risks with selling used or second-hand computers is the chance the new owner will be able to recover usable information from the hard drive.

By Nick

Android Binary Protection Methods

Aug 03, 2016

The majority of Android applications we test, even critical apps, do not prevent an attacker from successfully analysing, reverse engineering or modifying the app’s binary code.

By Marius

The Real Impact of Cross-Site Scripting

Jul 29, 2016

Cross-site scripting (XSS) is probably the most prevalent high-risk web application vulnerability nowadays, and yet it is still one of the most overlooked by developers and defenders alike.

By Alex

Throwback Threat: Macro Malware

Apr 25, 2016

Macro malware has been on the rise over the past couple of years, but unlike the 90s, the authors now include sophisticated threat actors working on behalf of organised crime syndicates and nation-state entities, something which makes this throwback threat all the more serious the second time round. This post details this issue and what can be done to help combat it.

By Nick

What is the Risk if You Don't Fix Perceived Meaningless Vulnerabilities?

Mar 23, 2016

In a recent external penetration test, I was able to chain multiple vulnerabilities together allowing me to fully compromise one of the client's servers.

By Robin

LogMeIn Rescue Unattended Service Privilege Escalation

Jan 05, 2016

LogMeIn Rescue is a well-known and widely used remote access tool, primarily designed for IT staff to provide end users with support. A typical LogMeIn Rescue session will look something like this:

By Antonio
