White Box Penetration Testing: Objectives, Methodology and Use Cases (Applications, 29.02)
When pentesting a web application, an API or an internal network, there are generally three approaches: black box, grey box and white box testing. These a...

Antivirus and EDR Bypass Techniques (Applications, 23.02)
Antivirus, anti-malware and EDR are tools commonly used to prevent attacks. However, these solutions can be bypassed. In this article, we take a close...

Penetration Testing: Methodology, Scope and Types of Pentests (Applications, 05.02)
With cybersecurity risks on the rise, carrying out a penetration test (pentest) is increasingly necessary to reassure customers, partners a...

Exploring Password Reset Vulnerabilities and Security Best Practices (Applications, 26.01)
Passwords are still the most common way of authenticating a user. However, setting up a password management system that is both simple and secure can ...

Introduction to Burp Suite, the Tool Dedicated to Web Application Security (Applications, 15.01)
Burp is an essential offensive security tool. It is used by most professionals (including us pentesters) and is dedicated mainly to pentestin...

API Penetration Testing: Objective, Methodology, Black Box, Grey Box and White Box Tests (Applications, 04.01)
APIs are prime targets for attackers because of their exposure and critical nature, particularly in terms of handling sensitive data. To minimise the ...

Mobile Application Penetration Testing: Objective, Methodology and Testing Scope (Applications, 13.11)
Mobile applications are increasingly used in all areas of business: HR, finance, insurance, transport, and so on. As a result, they are prime targets ...

Security Misconfiguration: OWASP Top 10 #5 (Applications, 25.10)
Security misconfiguration is a worrying problem, occupying fifth place in the OWASP Top 10. In fact, we frequently encounter many vulnerabilities of t...

Vulnerable and Outdated Components: OWASP Top 10 #6 (Applications, 24.10)
Third-party components are omnipresent in web applications. Libraries, frameworks and other system components are used more and more, because they red...

RCE (Remote Code Execution): Exploitations and Security Tips (Applications, 23.10)
Exploiting an RCE vulnerability is something of a Holy Grail for a pentester. Depending on the context, there are numerous techniques for executing cod...

Understanding and Preventing CORS Misconfiguration (Applications, 23.10)
Before presenting practical examples of CORS misconfiguration, it is important to define several points. First, the principle of the Same-Origin Polic...

Insecure Authentication Tokens leading to Account Takeover (Applications, 18.09)
Most applications have a critical feature for identifying users. The aim is to guarantee the confidentiality and integrity of their data. Common metho...