Internal Penetration Testing: Objective, Methodology, Black Box and Grey Box Tests
Faced with an ever-increasing number of internal attacks, network infrastructure security is a key factor in ensuring the confidentiality and integrit...
18.08 Infra & Network

Exploiting an LFI (Local File Inclusion) Vulnerability and Security Tips
When we visit a website, it is common to be able to browse different pages. Each page can be represented by a file on the server. In order to determin...
07.08 Applications

Web Application Penetration Testing: Objective, Methodology, Black Box, Grey Box and White Box Tests
Faced with an ever-increasing number of sophisticated attacks, web application security is a major challenge. Indeed, security is now crucial to reass...
01.08 Applications

What is Mass Assignment? Attacks and Security Tips
What is a Mass Assignment vulnerability? To make things easier for developers, many frameworks include features that automatically associate the param...
15.06 Applications

Data Encryption and Cryptographic Failures: OWASP Top 10 #2
In a previous article, we reviewed the most critical and widespread vulnerability in web applications according to the OWASP Top 10: broken access con...
20.05 Applications

White box audit of a CI/CD pipeline on AWS
Recently, one of our clients asked us to review their Continuous Integration and Continuous Deployment (CI/CD) pipeline, deployed on an AWS infrastruc...
18.04 Cloud

How to update passwords in database to secure their storage with Argon2?
In a previous article, we saw why it was important to store passwords in a database with robust hash functions such as Bcrypt and Argon2. This helps t...
13.04 Applications

What is Session Hijacking? Types of attacks and exploitations
Access control is a central element in ensuring the security of web applications. It must be based on robust authentication and session management tha...
12.04 Applications

OWASP Top 10 #1: Broken Access Control And Security Tips
The Open Web Application Security Project (OWASP) is a community working to improve the security of information systems and more specifically applicat...
31.03 Applications

Exploiting an HTML injection with dangling markup
During a web application penetration test, we came across the following situation:
21.02 Applications

Multifactor Authentication (MFA): how does it work? Types of attacks, exploits and security best practices
Multifactor authentication (MFA) is a central and widely used mechanism for strengthening the security of user accounts and access to a system. Indeed...
15.02 Applications