How WebSockets Work? Vulnerabilities and Security Best Practices (12.03, Applications)
WebSocket is a real-time bidirectional communication protocol designed for efficient data exchange between a client (web browser, application) and a s...

What is Clickjacking? Exploitations and Security Best Practices (21.02, Applications)
Clickjacking is a discreet but formidable attack technique. It exploits the user interface to trick victims into interacting with invisible or disguis...

Phishing Campaign: Objectives, Methodology, Spear and Mass Phishing Examples (21.02, Phishing & Social Engineering)
Phishing remains one of the most formidable and widely used techniques in cyber attacks. Exploiting human weakness, this method consists of tricking v...

Content Security Policy Bypass Techniques and Security Best Practices (12.02, Applications)
Content Security Policy (CSP) is an essential security measure for protecting web applications against certain types of attack. By defining strict rul...

What is Object Injection? Exploitations and Security Best Practices (07.02, Applications)
Object injection is an application vulnerability that occurs when an application deserializes untrusted data. If an attacker manages to inject a malic...

What is Blind SQL Injection? Attack Types, Exploitations and Security Tips (04.02, Applications)
Blind SQL Injections are a category of SQL injection. Unlike traditional SQL injections, they do not directly provide the results of queries or detail...

What is Kerberoasting? Attack and Security Tips Explained (04.02, Infra & Network)
Kerberoasting is a common attack in Active Directory environments. It is based on a weakness in the Kerberos protocol, but its exploitation requires s...

How to Detect Secrets? Tools and Techniques (13.01, Applications)
Before discussing techniques and tools, it is essential to define the ‘secrets’ sought during penetration tests. These secrets are generally private c...

XPath Injections: Exploitations and Security Tips (13.01, Applications)
Although XML is an old language, it is still widely used, particularly in the banking sector. If you’re a pentester or a developer, you’re...