Web development is a dynamic landscape that’s constantly evolving with new technologies, trends, and security threats. Unfortunately, the crucial aspect of web security is often overlooked. There are many reasons for this, and they vary from team to team and...
Pentesting is inherently time-consuming. This constraint alone has led to the rise of scanners as well as the exclusion of regular pentesting in many modern development lifecycles. Whilst we can’t automate and deliver everything at lightspeed, there are things we can...
Clickjacking, also known as UI Redressing, is a technique that tricks users into clicking on unintended elements on a website. By using hidden elements, attackers deceive users into performing actions that they did not intend to carry out. How Does Clickjacking...
Overview Cross-Site Scripting (XSS) is a type of security vulnerability in web applications that enables an attacker to insert malicious code into a web page that can be viewed by other users (typically in the form of scripts). When a web application fails to properly...
The once-a-year pentest is commonplace for many organizations, however, is this a suitable timeframe, a minimum to meet compliance requirements, or somehow an accurate guess at the optimum interval? Let’s take a look at the factors we should consider and also at the...
Threat modeling is a process used to identify potential threats and weaknesses in a system. It involves breaking down a system and examining it to better understand what needs protecting, who might attack it, and how it can be protected. So who needs to be involved?...
