blog

Our latest Blogs

Explore our latest blog posts and stay secure in a digital world.

Data Validation Framework – HDIV at a Glance
September 25, 2024
Pentests

Security study has again proved that most of the web application security attacks (approx 85% as per Gartner and NIST) are generated from application layer. It has always been a challenge for developers to validate parameters in URL, HTTP header, HTP request and non-editable fields on the page.

Continue Reading
Configuring ModSecurity with OWASP CRS – Part II
September 25, 2024
Pentests

The next step is to configure ModSecurity with OWASP CRS (Core Rule Set) rules.

Continue Reading
Configuring ModSecurity with OWASP CRS – Part 1
September 25, 2024
Pentests

We were motivated to write about it when few of our clients just instantly asked us about blocking all known malicious web attacks at web server level itself. We quickly suggested them an open source, reliable WAF solution that suffice to their requirement. Obviously, just installing WAF does not mean that you do not need application security controls.

Continue Reading
Pentesting Thick Client Apps
March 18, 2025
Pentests

Pentesting thick client applications is not a new concept instead the techniques adopted are new and interesting. I’m a bit lazy on explaining what thick client apps are, please refer here for more info. GTalk, Pidgin, Skype, MSN are few examples of thick client applications.

Continue Reading
.NET Inherent Protection against CSRF
March 18, 2025
Pentests

Cross Site Request Forgery is one of the most happening attacks over the internet today. The attackers find it easy to exploit as it does not require any authentication information, session cookies but only require the user to be authenticated to the application. And this works on every platform.

Continue Reading
Facebook Like Widget – Spammers Tool???
October 28, 2024
Pentests

Now a days, I get very curious to look at view-source of website where Facebook’s Like button is embedded. But why should I do this? Isn’t facebook Like button trusted? This is right.. Huh!!! The answer is NO. If there is a mismatch in the domain (you are visiting) and facebook’s Like button then there is surely a problem and it is a spam page.

Continue Reading
Local Data Storage Analysis with iOS Simulator
September 25, 2024
Pentests

There have been times when a penetration tester is not able to install iOS application on a physical device while performing iOS application security assessment. This can happen due to various reasons

Continue Reading
Catching Back Doors through Code Reviews
September 14, 2024
Pentests

Off late, code reviews have been gaining a lot of popularity. Organizations which till recently were content with a secure network and an occasional Penetration Test are now getting their application’s code reviewed before going live.

Continue Reading
Search
Blog Categories
Blog category ArrowNews, Events & Awards
Blog category ArrowNew Feature Updates
Blog category ArrowAI & Cybersecurity
Blog category ArrowGeneral
Blog category ArrowMobile pentests
Blog category ArrowWordpress CMS Security
Blog category ArrowMalware Analysis
Blog category ArrowTools & Techniques
Blog category ArrowPentests
Blog category ArrowPTaaS
Blog category ArrowCyber Security Solutions
Blog category ArrowTechnology
Subscribe to our newsletter

Join our newsletter today and enhance your knowledge with valuable insights. It's quick, easy, and free!

Be a Team Player
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.