Overview XPath Injection, akin to other common injection attacks, specifically targets vulnerabilities within an application’s user input processing system. But what sets XPath Injection apart is its exploitation of XPath queries. The fallout? Unauthorized...
Bug bounty programs have been a popular phenomenon in the tech industry for the last decade or so. They’re an opportunity for anyone to identify vulnerabilities in a company’s software or infrastructure and get rewarded for their discoveries. But, how do...
On occasion, we get clients who are concerned about some of the stereotypes that they may read about or hear when it comes to a penetration test. While a penetration test may be us attacking your infrastructure, we are not your adversaries. Your company made the...
When testing web applications, the understanding and use of various encoding schemes is a fundamental skill. In particular, we often see Base64, URL encoding, and HTML encoding used across many applications both as part of the application’s general functionality and...
What is the best note-taking application for pentesters? It’s a hot debate, and if you prefer to watch than read then we recently compared many of the popular options in this video. Otherwise, let’s take a look at what each app has on offer to help you decide what’s...
Pentesting is inherently time-consuming. This constraint alone has led to the rise of scanners as well as the exclusion of regular pentesting in many modern development lifecycles. Whilst we can’t automate and deliver everything at lightspeed, there are things we can...
