• Oxford: +44 (0)1865 877830 
  • Manchester: +44 (0)161 713 0176 
  • Edinburgh: +44 (0)131 541 0118 
  • New York: +1 646-781-7580 
  • Bucharest: +40 316 301 707 
  • Tokyo: +81 (3) 4588 8181 

Blog

You are here

13

Feb

Ninja Forms WordPress Plugin Cross-Site Scripting

During the course of a web application penetration test I was faced with the Ninja Forms WordPress plugin.

22

Nov

Cross-Site Scripting through Flash Objects

Despite waning support for ActionScript on mobile platforms, the inclusion of ActionScript animations in web applications is common.

01

Nov

Blind SQL injection through an Excel spread sheet

In a recent penetration test that I carried out, I faced an unusual form of SQL injection that fortunately (for me!) let me gain access to sensitive data in the backend database. I would like to share how I found this and exploited it with you.

18

Oct

Dealing with "Service Accounts"

Most systems administrators will be familiar with the concept of a "service account" in a Microsoft Windows network infrastructure. What many do not realise is that this concept is a purely human one. Neither Active Directory, nor any individual

Pages