Author: Arben Shala

A Silent Threat: Blind XSS affecting all Recurly Instances


Our researchers were conducting a web application penetration test for one of our clients and, while modifying account data such as the first and last name fields, they discovered that these fields were not being properly sanitized. The vulnerable parameters could have been exploited to inject malicious JavaScript code, resulting in Stored XSS. Cross-Site Scripting (XSS) is a type of injection attack...

Burp Suite Certified Practitioner Exam: Review and Insights


Since I recently passed the “Burp Suite Certified Practitioner” exam, I felt it would be useful to share some of my experiences and lessons learned with those who are considering taking this exam, or just interested in completing the PortSwigger Academy challenges. How did I prepare? Despite the fact that I have spent several years testing web applications, there is always a need to...

How Misconfigured and Vulnerable Devices Could Expose Your Company to Physical and Cyber Threats


Recently, we were given the mission to conduct an internal and wireless security assessment for one of our clients. Following the discovery of vulnerabilities in their network security and the acquisition of access to their wireless infrastructure, we were able to carry out remote network scanning of their internal systems. After enumerating their running services and probing for open web...


Pretera is an offensive security company offering a wide range of services such as network and application penetration testing, social engineering and red teaming.

Additionally, Pretera would be able to find the right partners for additional security services that are not currently covered by us.

We are a team of highly skilled professionals spread across different countries both in Europe and in the US.

Get in touch

Feel free to get in touch with the Pretera team via contact[at]pretera[dot]com!