We have had a couple of penetration test engagements that involved GraphQL endpoints. At first, it looked complex and we sketched out the methodology and approach to perform the penetration test. Here’s how it went,

Modern-day mobile applications implement additional levels of security controls that prevent an attacker from intercepting the content for the HTTPS connection. Such implementation won’t allow common proxy tools to intercept and log the application traffic.

We recently performed another internal network assessment with the goal to gain Domain Administrator access on the target network. We had unauthenticated access to the network, i.e. unauthorized user or an internal attacker onto the user LAN.

We recently performed an internal network penetration test for a large enterprise with up to 3 domains and 2000+ hosts. We had zero knowledge of the target network (as an attacker would have) and were placed onto the user VLAN with unauthenticated access.

Purple Teams, cables and continuous assurance; CHCon took place on November 5-6 in Christchurch in the historic Main Hall at the Arts Centre heritage site. Blacklock was proud to be a Bronze sponsor.

Agile methodologies in software development have accelerated in recent years, helping businesses provide value to customers much faster. This approach takes an interactive approach to software development, where products are developed in small iterations throughout the entire process.