Your Strict Transport Security policy may not be as strict as you think. A common misconfiguration can lead to a surprising amount of plaintext leakage.
The following post aims to provide a high level overview of an iOS application security review methodology and an introduction of some tools publicly available to perform the analysis.
In this blog post Nilesh shares his experience performing a SCADA assessment, what pentest approach works best for highly sensitive systems, and preferred tools of the trade.
U2F is an open, driverless, digital signature challenge-response protocol for secure two-factor authentication. It’s designed to improve user security through ease of use.
SQLMap is one of the best tools for exploiting SQL injection. However, there are moments where this tool will not produce the expected results if we do not supply the correct options. This post covers a tricky SQL injection vulnerability that I found in a recent assessment.
A web browser’s same origin policy plays a major role in preventing Cross-Site Request Forgery attacks. The standard is clear on what the acceptable behaviour is, but do all browsers follow it?
Explore how GitHub Actions can be leveraged to rotate IP addresses during password spraying attacks to bypass IP-based blocking such as Entra Smart Lockout.