Application Security

Lampião 1: CTF Walkthrough

Penetration Testing
In this article, we will learn to solve a Capture the Flag (CTF) challenge which was posted on VulnHub by Tiago Tavares. According to the information given in the description by the ...

It’s past time to pay much more attention to API security

Organizations manage 363 APIs, on average. But vulnerable APIs can expose your data to anyone who knows how to ask for it. API security starts with the basics. The original version of ...

Red Team Assessment Phases: Establishing Foothold and Maintaining Presence

Penetration Testing
In the previous phase, the goal was to gain initial access to the target network. The focus of this phase is to expand this access to the level necessary for achieving the ...

Read: New Attack Analytics Dashboard Streamlines Security Investigations

Attack Analytics, launched this May, aimed to crush the maddening pace of alerts that security teams were receiving. For security analysts unable to triage this avalanche of alerts, Attack Analytics condenses thousands ...

Twelve Days of XSSmas

This series of daily mini-posts, running from December 12, 2018 to December 24, 2018, is intended to provide cross-site scripting (XSS) related tips. This will range from filter-evasion and payload minification tricks, ...

2018 In Review: Healthcare Under Attack

Radware’s ERT and Threat Research Center monitored an immense number of events over the last year, giving us a chance to review and analyze attack patterns to gain further insight into today’s ...

Red Team Assessment Phases: Gaining Access

Penetration Testing
This phase is the first of several where the red team actively interacts with the target’s environment. Some of these phases tend to blend together, as the line between gaining initial access ...

Professionally Evil CISSP Certification: Breaking the Bootcamp Model

ISC2 describes the CISSP as a way to prove “you have what it takes to effectively design, implement and manage a best-in-class cybersecurity program”. It is one of the primary certifications used ...

Deconstructing Data Leak incident of Signet Jewelers (parent company of Kay and Jared jewelers)

Protecting the Crown Jewels: Deconstructing Data Leakage in Exotic Environments (Inspiration from Signet — Kay/Jared Jewelers Breach). Credits: Micheal Hill. Note: The following series of deconstruction/post-mortem is indicative of the security issues similar to ...