How to Know Your Attack Surface (And to Reduce it) Abraham Lincoln (repeating a woodsman) would have answered the question: what would you do if you had just six hours to chop down a tree? I would spen... 12.03 Applications
Should You Perform a Pentest On a Production Environment? Once you have decided to go for a penetration test, you may wonder if it should target your production environment. Depending on the risks, it can be ... 25.02 Applications
Logging & Monitoring: definitions and best practices The OWASP Top 10 2017 introduces the risk of insufficient logging and monitoring. Indeed, inherent problems in this practice are often underestimated ... 21.01 Applications
Certificate and Public Key Pinning Introduction to Public Key Certificate A digital certificate is a data file that allows, on the one hand, the non-repudiation and the integrity of data... 10.12 Applications
How to optimise your use of Metasploit The Metasploit framework is an open source tool for searching for, analysing and exploiting vulnerabilities. It has many modules and tools that can ... 19.11 Applications
Should you do a demonstration of your solution to pentesters before a penetration test? Before starting a penetration test (pentest), should you present your product or solution to pentesters? It all depends on your situation and on your ... 05.11 Applications
Exploiting the SSRF vulnerability (2/2) In the previous article, we have seen what an SSRF vulnerability is and how, in general, it can be exploited. We had placed ourselves in a quite simp... 14.10 Applications
Burp’s Functionalities and Extensions to Gain Efficiency Now that we have introduced four main functionalities of Burp Suite in the previous article, we will go a bit further with some functionalities and ex... 03.09 Applications
What does a penetration test vs a vulnerability scanner bring? Both are said to be the best allies of CISOs (and, in general, of people in charge of IT security). There are though two different t... 31.01 Applications
What R.O.I for a Security Audit? It is a question that we often hear. Unfortunately, we don’t have a ready-made formula to reveal. The return on investment of a pentest is compl... 28.11 Applications
Protect yourself from CSRF attacks with the SameSite cookie attribute What is a Cross Site Request Forgery Attack? CSRF is an attack that forces an end user to perform unwanted actions, without noticing, on a web a... 18.10 Applications
Administration Interfaces: The Underestimated Weakness Administration interface, back-office, dashboard, admin panel… several names for the same thing: the place where organizations manage their data, supe... 11.07 Applications