Jun 18, 2020 | Penetration Testing
This is an article in a series on Web Application Vulnerability Basics. What Is Insecure Direct Object Reference? Insecure Direct Object Reference, also known as IDOR, is a reference to an internal implementation object that is exposed to a user without proper...
Jun 11, 2020 | Penetration Testing
This is an article in a series on Web Application Vulnerability Basics. What Is Cross-Site Scripting? Cross-Site Scripting, also known as “XSS”, is a web exploit that allows an attacker to inject malicious content (such as markup, or scripts) into a web application....
May 28, 2020 | Penetration Testing
This is an article in a series on Web Application Vulnerability Basics. What Is Cross-Site Request Forgery? Cross-Site Request Forgery, also known as CSRF and XSRF, is a web application attack that tricks a victim into submitting a malicious request to a web app that...
May 21, 2020 | Penetration Testing
This is an article in a series on Web Application Vulnerability Basics. What Is a Path Traversal Attack? Path traversal, also known as directory traversal and backtracking, is an exploit that allows an attacker to access files on a web server that they are not...
May 21, 2020 | Cybersecurity, Penetration Testing, Podcast, Uncategorized
On this week’s episode, we’re testing how far a breach can go and what happens when a customer is 100% positive...
May 14, 2020 | Cybersecurity, Penetration Testing, Podcast, Vulnerability Scanning
This week we’re again joined by Eric and Randy to hear some war stories. Randy takes us through the time that he immediately...
Apr 30, 2020 | Case Study, Cybersecurity, eCommerce Fraud Prevention, Penetration Testing, Podcast
On this week’s episode of Pwned Breach of the Week, we are checking out dating data that found itself on the market, unfortunately it...
Apr 2, 2020 | Penetration Testing
An Infrastructure Penetration Test is one of the best ways to discover weaknesses, vulnerabilities, misconfigurations, and threats located within your infrastructure. To conduct a Penetration Test, highly skilled engineers utilize the same tactics, techniques, and...
Jun 24, 2019 | Cybersecurity, Penetration Testing, Tenable, Vulnerability Scanning
By: Justin Fimlaid What is an Exim server? An Exim server is a mail transfer agent used on Linux-like operating systems. Exim is free software and is used by as much as 57% of the Internet email servers. Over the past couple of weeks it has been noted that a heavy amount...
Jun 10, 2019 | Cybersecurity, Penetration Testing, Vulnerability Scanning
By: Justin Fimlaid What is SHA-1 and what is the history of SHA-1? Originally SHA-1 was developed as part of a U.S. government capstone project. The first version of SHA was SHA-0 and that was developed in 1993 as the Secure Hash Standard. SHA-0 was originally...