Microsoft and Okta Targeted by LAPSUS$
Microsoft and Okta, a provider of authentication services, said they are looking into claims of a possible breach made by LAPSUS$.
Mobile Application Penetration Testing often has a different flow to web application or network testing. This is because not only do you get an application but you also get the software itself. This runs on a device you control and allows for a much wider attack surface. It also allows decompilation of code and hooking of calls, all in service of attacking the application. As such, mobile app pentesting requires an entirely different skill set, knowledge base and methodology. Most mobile application penetration tests rely on the OWASP-MASVS (Mobile Application Security Verification Standard). Senior application developers and hackers are responsible for developing this to ensure that applications meet minimum security requirements. The content in this blog comes from the OWASP-MSTG, which is one of the most complete methodologies available.
The threat of smart home devices is growing. It’s almost 2022 and the market for IoT or smart devices is exploding. In fact, one estimate predicts there will be 21 billion IoT devices by the end of 2021! This innovation explosion means it is now possible to purchase a kettle that we can switch on …
Wireless networks are generally a weaker alternative to a hardwired connection. Why is this? Well, if the wireless network’s traffic is open, then anyone within range can gain access, which means it’s vulnerable to a ‘sniffing attack’. Modern wireless networks get around this by using encryption that requires a secret key. How are wireless networks …
GDPR gives control of personal data back to the person it belongs to. This, in turn, safeguards people’s privacy as a basic human right. It is important for companies to be aware of it and adhere to it, as there are tough financial penalties for non-compliance.
If the name doesn’t already sound strange enough, wait until you see what you can do with Google Dorking. Before we dive deep into how we can use Google Dorking, we must first look at search engines themselves. What is a search engine? A search engine can be thought of as a behemothic database, however, …
OSINT or Open-source Intelligence is a process of data collection using sources that are open to the public. This can be a wide range of origins – anything from large blogs to specific images and the metadata contained within. Everything posted online discloses some information about the poster and this is what OSINT is looking …
Web application penetration testing describes the process of simulating an unobtrusive attack against a web application. It allows companies to understand vulnerabilities that are easy to miss during the development process. These vulnerabilities can have wide-reaching consequences to the application as well as the data stored within its database.
Clickjacking is a generally misunderstood security vulnerability that is often difficult to explain and understand. The attack itself has been around for some time now; the term comes from a portmanteau of the words “click” and “hijacking.” But what is clickjacking?
Each piece of the cyber security puzzle for your organisation is important. At Sencode, we believe the best way to combat the surge in cybercrime is to use an innovative method we call ‘Test and Teach’.