5 free vulnerability scanners you should check out

Vulnerability scanners delve into systems to uncover security gaps. The primary mission? To fortify organizations against breaches and shield sensitive data from exposure. Beyond merely pinpointing weaknesses, vulnerability scanning is a proactive meas…

Enterprises persist with outdated authentication strategies

Despite authentication being a cornerstone of cybersecurity, risk mitigation strategies remain outdated, according to new research from Enzoic. With the attack surface expanding and the increasing sophistication of cyber threats, organizations are stru…

A closer look at the new TSA oil and gas pipeline regulations

The TSA has announced updates to its Security Directive (SD) to strengthen the operational resilience of oil and natural gas pipeline owners and operators against cyber-attacks. In this Help Net Security video, Chris Warner, OT Senior Security Consulta…

In case of multiple websites using a single IP, and we have been asked to perform vulnerability assessment to ensure its security, how many to target

When doing a black-box vulnerability assessment (with permission of course) of a subdomain of a website, the first step is enumeration, and the first step of that is finding the IP of the subdomain.
If you find this IP, and then upon performing …

SCARF cipher sets new standards in protecting sensitive data

A group of international researchers has achieved a breakthrough in computer security by developing a new and efficient cipher for cache randomization. The cipher, designed by Assistant Professor Rei Ueno from the Research Institute of Electrical Commu…

Chaining Vulnerabilities to Exploit POST Based Reflected XSS

Cross-Site Scripting (XSS) vulnerabilities are quite common in web applications. These vulnerabilities allow attackers to inject their own JavaScript into the application which can have devastating impacts. TrustedSec regularly creates weaponized XSS payloads on engagements to perform malicious actions such as stealing documents we shouldn’t have access to. One specific form of XSS vulnerability that…

The post Chaining Vulnerabilities to Exploit POST Based Reflected XSS appeared first on TrustedSec.


Security implications of using the current session to mint new access tokens

I saw a setup recently where frontend and resource servers were hosted on subdomains of the same second-level domain, e.g. ui.example.com and api.example.com.
It had an interesting authentication flow that seemed like a variant of the refr…