Home > Insights > Application

Insights

All insights
Application
Mobile
Network
Uncategorized

[5min]
Pentesting Authentication
Application Pentesting Authentication
Pentesting authentication is a critical step of any gray-box pentest. Here we review steps of how a pentest should assess these controls.
[4min]
Pentesting ELBs - Where Vulnerabilities Hide in Plain Sight
Application Pentesting ELBs – Where Vulnerabilities Hide in Plain Sight
Vulnerabilities affecting ELBs can be easily overlooked. It’s critical for pentesters to look out for these AWS features when analyzing an attack surface.
[9min]
A Pentester’s Guide to Input Validation
Application A Pentester’s Guide to Input Validation
Input Validation is a fundamental concept of penetration testing. This guide is written for new pentesters and developers looking to bolster these core skills.
[6min]
HIPAA Penetration Testing - A Primer for Healthcare Security
Application HIPAA Penetration Testing – A Primer for Healthcare Security
Curious about HIPAA requirements and what it means for your pentest? Let’s review some technical examples of why pentesting in healthcare is so unique.
[6min]
Black Box vs. Gray Box vs. White Box Pentesting Explained
Application Black Box vs. Gray Box vs. White Box Pentesting Explained
Black Box, Gray Box, and White Box pentests have pros and cons. Here we lay out all the differences to help you decide which one fits best.
[5min]
Developing Like A Pentester - (And How To Reproduce Any Vulnerability)
Application Developing Like A Pentester – (And How To Reproduce Any Vulnerability)
Reproducing vulnerabilities from a pentest report is a pain, but with just a few simple tips it doesn’t have to be.
[7min]
Pentesting User Interfaces: How to Phish Any Chrome, Outlook, or Thunderbird User
Application Pentesting User Interfaces: How to Phish Any Chrome, Outlook, or Thunderbird User
In this blog post, we demonstrate how graphical user interfaces could be vulnerable to spoofing attacks by using certain Unicode characters.
[7min]
5 Tips for selecting a penetration testing company in 2021
Application 5 Tips for selecting a penetration testing company in 2021
Selecting a penetration testing company can be a pain. Here are five important tips to ensure you penetration testing vendor will set you up for success.
[2min]
Tale of a Wormable Twitter XSS
Application Tale of a Wormable Twitter XSS
This is a tale of how we found a wormable XSS on Twitter, and how we managed to fully bypass its CSP policy.