Our researchers were conducting a web application penetration testing for one of our clients and while modifying the account data such as first and last name fields, they discovered that they were not being properly sanitized. The vulnerable parameters could have been exploited to inject malicious JavaScript code, resulting in Stored XSS. Cross-Site Scripting (XSS) is a type of injection attack...
Since I recently passed the “Burp Suite Certified Practitioner” exam, I felt it would be useful to share some of my experiences and lessons learned, with those who are considering taking this exam, or just interested in completing the PortSwigger Academy challenges. How did I prepare? Despite the fact that I have spent several years testing web applications, there is always a need to...
Recently, we were given the mission to conduct an internal and wireless security assessment for one of our clients. Following the discovery of vulnerabilities in their network security and the acquisition of access to their wireless infrastructure, we were able to carry out remote network scanning of their internal systems. After enumerating their running services and probing for open web...
Penetration testing, also known as pentesting, is a simulated cyber attack on a computer system, network, or web application with the goal of finding security vulnerabilities that could be exploited by malicious hackers. In today’s rapidly evolving digital world, pentesting has become a critical component of any organization’s security strategy. In this blog post, we will explore why pentesting...