Exploring Password Reset Vulnerabilities and Security Best Practices (26.01, Applications)
Passwords are still the most common way of authenticating a user. However, setting up a password management system that is both simple and secure can ...
Introduction to Burp Suite, the Tool Dedicated to Web Application Security (15.01, Applications)
Burp is an essential offensive security tool. It is used by a majority of professionals (including us pentesters) and is dedicated mainly to pentestin...
API Penetration Testing: Objective, Methodology, Black Box, Grey Box and White Box Tests (04.01, Applications)
APIs are prime targets for attackers because of their exposure and critical nature, particularly in terms of handling sensitive data. To minimise the ...
Mobile Application Penetration Testing: Objective, Methodology and Testing Scope (13.11, Applications)
Mobile applications are increasingly used in all areas of business: HR, finance, insurance, transport, and so on. As a result, they are prime targets ...
Security Misconfiguration: OWASP Top 10 #5 (25.10, Applications)
Security misconfiguration is a worrying problem, occupying fifth place in the OWASP Top 10. In fact, we frequently encounter many vulnerabilities of t...
Vulnerable and Outdated Components: OWASP Top 10 #6 (24.10, Applications)
Third-party components are omnipresent in web applications. Libraries, frameworks and other system components are used more and more, because they red...
RCE (Remote Code Execution): Exploitations and Security Tips (23.10, Applications)
For a pentester, exploiting an RCE vulnerability is something of a Holy Grail. Depending on the context, there are numerous techniques for executing cod...
Understanding and Preventing CORS Misconfiguration (23.10, Applications)
Before presenting practical examples of CORS misconfiguration, it is important to define several points. First, the principle of the Same-Origin Polic...
Insecure Authentication Tokens leading to Account Takeover (18.09, Applications)
Most applications have a critical feature for identifying users. The aim is to guarantee the confidentiality and integrity of their data. Common metho...
Internal Penetration Testing: Objective, Methodology, Black Box and Grey Box Tests (18.08, Infra & Network)
Faced with an ever-increasing number of internal attacks, network infrastructure security is a key factor in ensuring the confidentiality and integrit...
Exploiting an LFI (Local File Inclusion) Vulnerability and Security Tips (07.08, Applications)
When we visit a website, it is common to be able to browse different pages. Each page can be represented by a file on the server. In order to determin...