Apr 15, 2019 | Compliance, Cybersecurity, Information Security, Penetration Testing, Vulnerability Scanning
By: Justin Fimlaid
If you haven’t heard of it, there is a new banking directive in the U.K. called the Open Banking Directive. This directive went into effect on January 13, 2018. It’s significant for U.S.-based banks, because this Directive could apply...
Mar 11, 2019 | Penetration Testing, Source Code Reviews
By: Justin Fimlaid
Authentication is a critical piece of any application. It’s also always the piece of security architecture that is commonly attacked, so it’s important to get it right. When we talk about authentication it’s the act of establishing that someone or...
Nov 1, 2018 | Penetration Testing
By: Eric Kobelski
As a software developer turned security engineer, I continue to follow current development technologies, as it makes me more of an effective tester. One of the articles that I was reading contained an interview with one of the applications developers...
Sep 11, 2018 | Information Security, Penetration Testing
Rewrite: Justin Fimlaid | Original Author: Hunter Gregal
Cross-site scripting, otherwise known as XSS, is the most common web application vulnerability on the internet. I have found this to be true through both data research and personal experience during penetration...
Aug 17, 2018 | Penetration Testing
By: Randy Duprey
What is Red Teaming? Red teaming in general can be defined as a goal-based adversarial testing process. The concept has existed since the sixth century BCE when the ancient military genius Sun Tzu stated that “…one who knows the enemy and knows...
Jul 18, 2018 | Penetration Testing
By: Eric Kobelski, Security Engineer
One question that we get consistently is “What exactly is a web application penetration test?” There are some companies that will run a vulnerability scanner against your application and call that a penetration test, but this is...
Jul 2, 2018 | Penetration Testing
By: Eric Kobelski, REDSEC Operator | Updated on: 08/27/2020
Burp’s collaborator is a useful tool to assist with web application (webapp) penetration and security testing, particularly when malicious payloads are injected and then executed by a vulnerable system. When...
May 31, 2018 | Penetration Testing
Originally Written By: Hunter Gregal | Updated By: Justin Fimlaid
It’s that time again: time to practice our penetration testing skills and tactics! NullByte: 1 is another root-the-box type challenge that can be found on http://vulnhub.com. Like other challenges on the...
Dec 29, 2015 | Information Security, Penetration Testing
By: Hunter Gregal
A key component of any enterprise network will often be a functional webserver with PHP compatibility and a database back-end. On a Linux server, a common setup is to use Apache HTTP Server as the primary webserver. Combining the Apache HTTP Server...
Dec 29, 2015 | Information Security, Penetration Testing
By: Hunter Gregal
So you have an Apache2 webserver completely configured and installed on an Ubuntu/Debian machine. Perhaps you are using a MySQL backend along with PHP support (How To Install LAMP Server On Ubuntu). But what happens when malicious attackers or bots...