Pentesting User Interfaces: How to Phish Any Chrome, Outlook, or Thunderbird User

In this blog post, we demonstrate how graphical user interfaces could be vulnerable to spoofing attacks by using certain Unicode characters. The post Pentesting User Interfaces: How to Phish Any Chrome, Outlook, ...

5 Tips for selecting a penetration testing company in 2020

Selecting a penetration testing company can be a pain. Here are five important tips to ensure your penetration testing vendor will set you up for success. The post 5 Tips for selecting ...

Moving Fast Without API Guardrails?

In 1999, Bruce Schneier wrote, “complexity is the worst enemy of security.” Today, I’d argue that speed may be overtaking that top spot or coming darned close. There were two stories published ...

Who installs Zoom apps outside the Play Store? Well, lots of people.

Video conferencing platform use has skyrocketed as people turn to remote work and e-learning, and Zoom has witnessed a tremendous surge in popularity. This popularity, though, has brought increased scrutiny that has ...

Advancing Application Delivery

Are you in an organization implementing Continuous Delivery? Are you a manager who wants to see your applications respond at the pace of the market - or better, be in front of ...

Tale of a Wormable Twitter XSS

This is a tale of how we found a wormable XSS on Twitter, and how we managed to fully bypass their CSP policy. The post Tale of a Wormable Twitter XSS appeared ...

Penetration Testing for the Cloud – How it is different?

If you are working in the cyber security industry, you will be familiar with terms like application penetration testing, network.. The post Penetration Testing for the Cloud – How it is different? ...

Integrating OWASP ZAP in DevSecOps Pipeline

Security and innovations have often been at contrast positions when it comes to the development of new products and services... The post Integrating OWASP ZAP in DevSecOps Pipeline appeared first on BreachLock ...

Webinar Q&A from Modern Network Threat Detection and Response

As promised, here is my lightly edited Q&A from a recent webinar called “Modern Network Threat Detection and Response.” Questions about vendors are removed, and some are edited for clarity. Q: I ...

Securing Apps When User Devices Are Compromised

Corporate networks and user PCs continue to be exploited—leaving your sensitive applications and data vulnerable. Network segmentation is a fundamental way to mitigate the risks associated with these vulnerabilities—but it only works ...