fbpx
About scanning the admin interface

About scanning the admin interface

A common question in web application tests is whether it is necessary to scan the admin interface. Users with an average level of rights can't log in anyway, so you can't expect a threat from that direction. But is that really so?Are we in danger?The admin...
What has the OWASP given us?

What has the OWASP given us?

The non-profit Open Web Application Security Project (OWASP) is a foundation which works to improve software security. It was launched on December 1, 2001 and since then it has been helping developers continuously with free guides and resources.WSTG 4.1, of courseThe...
I want a web application test!

I want a web application test!

The developers have delivered, the web application is ready. It works great, the design is also amazing – but who decides if it is safe enough? Who can we contact to get an independent opinion? It depends on the source code tooLife has not stopped at developer...
What can be revealed in a grey box test?

What can be revealed in a grey box test?

The purpose of grey box testing is to look for vulnerabilities resulting from improper design or improper use of applications. The grey box test is a combination of white box and black box testing. With this method, we most often examine applications and networks...
The Red Team is attacking!

The Red Team is attacking!

The red team is a team of external experts who usually carry out real attacks on IT systems at the request of senior management without the knowledge of the IT department. In attacks, “everything is worthwhile” that does not threaten the collapse of the...
Source code review: Why and When? Is it really important?

Source code review: Why and When? Is it really important?

Source code review is a software quality assurance activity in which experts verify a program primarily by analyzing its source code. At least one of the reviewers must not be the author of the source code.It looks obscure from outsideOne of the most important areas...
Assessment after data breach: is it mustard after meat?

Assessment after data breach: is it mustard after meat?

Intrusion into corporate networks has become common, and unfortunately, in most cases, stakeholders only realize it too late. What can you do if you are hacked? How can we prevent another malicious intrusion?Intrusion is rather commonPerhaps the most important...
The external vulnerability assessment and the Black-box approach

The external vulnerability assessment and the Black-box approach

Have you ever wondered how hackers see your external network? What is visible from the outside? Are they able to find vulnerable points? The answer for these questions is an external vulnerability assessment with a Black-box approach. The Black-box assessment is a...
Protection against Ransomware

Protection against Ransomware

In Information Technology such vulnerabilities appear from time to time that can cause extremely serious damages in case they are exploited. This exposure is exponentially increasing as ever-growing part of the business is moving into cyberspace. It is no coincidence...
Privilege Escalation and Home Office

Privilege Escalation and Home Office

Working from home may reveal the flaws of applications and processes in use so double-checking the access controls and privilege escalation possibility is highly recommended. Web applications are more popular than ever, people prefer working remotely from home instead...