Successful mitigation of today’s security threats requires an approach that is both on the offensive and on the defensive. Here, we give our take on how to approach and handle specific security challenges, as well as our reaction to some of the latest industry topics.
03.21.19During application testing, most SQL injection attacks are mundane. Often, when there is one SQL injection, there are many–and they are easily exploitable with tools like sqlmap. Occasionally, an application is largely protected against SQL injection, but something interesting happens on a test. A tester manually validates a SQL injection vulnerability based on server responses,… Read more »
09.25.18Learn how to prevent the exploitation of Amazing S3 buckets with weak permissions from one of our security consultants.
06.26.18Turn Your Software Development Security into a Repeatable Engineering Process Companies have long viewed application security testing as a black art that’s dependent upon a small number of experts wielding arcane tools to find vulnerabilities and develop exploits. However, as the velocity of software development increases, the old way of running security tests becomes less… Read more »
01.19.18Interested in building your own mobile application testing lab? We’re here to help. A key aspect of testing mobile applications is the ability to observe and modify network traffic. Learn how to use a router with modified firmware to perform HTTP/HTTPS-based traffic interception. 3 Methods for Intercepting Traffic 1. ARP cache poisoning Testers can use… Read more »
12.04.179 Tips to Help You Land the Information Security Job You Want with Minimal Related Experience I consistently hear from service members who are leaving the military and want to move into the information security field. For those who spent their time in the military working in the computer security field and are leaving the… Read more »
