Mobile Application Penetration Testing often has a different flow to web application or network testing. This is because you get not only an application but also the software itself. This runs on a device you control and allows for a much wider attack surface. It also allows decompilation of code and hooking of calls, all in service of attacking the application. As such, mobile app pentesting requires an entirely different skill set, knowledge base and methodology. Most mobile application penetration tests rely on the OWASP-MASVS (Mobile Application Security Verification Standard). Senior application developers and hackers are responsible for developing this to ensure that applications meet minimum security requirements. The content in this blog comes from the OWASP-MSTG, which is one of the most complete methodologies available.
Where to start… So, when it comes to Cyber Security careers, the possibilities are endless, as they are in most sectors. Some people choose to work as SOC analysts. Others opt for management positions. Penetration testing is a prominent career pathway in the world of Cyber Security. If you are considering a Penetration Testing Career, … Read more
Regular penetration testing is becoming increasingly important. What many business owners seem to want to know, however, is when to arrange a system test. Any application that processes personal data, whether storing or retrieving it, needs to have its security tested regularly according to GDPR Article 32 (1.D). Many systems have never … Read more
If the name doesn’t already sound strange enough, wait until you see what you can do with Google Dorking. Before we dive deep into how we can use Google Dorking, we must first look at search engines themselves. What is a search engine? A search engine can be thought of as a behemothic database, however, … Read more
Web application penetration testing describes the process of simulating an unobtrusive attack against a web application. It allows companies to understand vulnerabilities that are easy to miss during the development process. These vulnerabilities can have wide-reaching consequences to the application as well as the data stored within its database.
Penetration testing comes in many forms and is often dependent on the type of application/system being tested. These often fall into four categories: API penetration test, mobile penetration test/application penetration test, infrastructure penetration test, and web application penetration test. Each one of these types of tests has different steps and techniques. API Penetration Testing: … Read more
Public, Powerful and Free. The Hacker’s Arsenal. While it is true that some elite hacking tools are passed in the shadows, most of these business-breaking programs are available on the public internet and have thousands of developers. For any aspiring hacker, these applications allow them to complete tasks in seconds which, 5 years ago, would … Read more
The Most Common TCP Ports and Their Services. When looking at the output of a port scan, many hackers will know which services many of the ports correspond to. However, this does not necessarily show how common these ports are. This post highlights which ports are ACTUALLY most common on the internet and the services they … Read more
Cross-Site Scripting (XSS) attacks are injection attacks in which malicious scripts are injected into otherwise trustworthy and innocuous websites. XSS attacks occur when an attacker uses a web application to send malicious code to a particular end user, usually in the form of a browser-side script.