January 29, 2020

From SQL and XSS injections, 3rd party vulnerabilities, file upload issues to password policy we ran a comprehensive penetration test and found a range of vulnerabilities for this client's portal. With 15 "Priority 1" and a number of other vulnerabilities our team did...

August 28, 2019

Technical jargon can be confusing and security related ones even more. The terms "SQL injection" and "XSS injection" seem funny as the image suggests, but understanding it is a key to resolving the issue.

To simplify it in a non technical way, imagine you have a ro...

August 12, 2019

While doing a basic code review for a client's web portal (bridging customers and service) we came across potential vulnerabilities which could compromise the system and recommended a proper ethical hack to screen the system. Our team managed to find 25 vulnerabilities...

August 2, 2019

Around 8 months back we conducted a non-intrusive security audit for an accounting backend application which involved us going through their system and making data classification matrix, supplier/processor list, data flow, network diagrams and conducting fact finding i...

July 18, 2019

The long awaited Debian 10 (code name buster) has finally been released. It has the latest software versions and boasts of 57,703 packages. Long term support (LTS) of 5 years has been promised as well to ensure security updates are available till mid 2024!

Debian 8...

July 12, 2019

The Information Commissioner's Office (the UK's privacy watchdog) announced its plan to slap British Airways with a record £183 million (238 million €).

In September 2018 BA disclosed a breach which affected 500,000 people where visitors on its website were diverted to...

May 27, 2019

- Facebook used to ask new users for their email password as a method of verification.

- Additionally, it offered to upload their email contact list (e.g. from google contacts).
- in May 2016, Facebook removed the message that explained the feature to upload contacts, h...

March 11, 2019

You can't use Ghidra to hack devices; it's instead a reverse-engineering platform used to take "compiled," deployed software and "decompile" it. In other words, it transforms the ones and zeros that computers understand back into a human-readable structure, logic, and...

February 6, 2019

A situation any company should avoid. Sole members having access to information which if lost causes irreparable damage (financial or reputation) to the company. Shared knowledge and information security usually contradict each other when it comes to sensitive data, bu...

January 9, 2019

"With great power comes great responsibility." Uncle Ben to Peter Parker (Spiderman)

Happy new year! In the previous years we have seen a lot: ransomware, compromised elections, huge personal data hacks and more. Last year also saw regulations being enacted like GDPR. 2...

Please reload

July 18, 2019

Please reload

Recent Posts
Featured Posts

15 "Priority 1" vulnerabilities detected by our team

January 29, 2020

1/4
Please reload

Archive
Please reload