Posts by pretera
SILENT THREAT: Blind XSS affecting all recurly instances
Our researchers were conducting a web application penetration testing for one of our clients and while modifying the account data such as first and last name fields, they discovered that they were not being properly sanitized. The vulnerable parameters could have been exploited to inject malicious JavaScript code, resulting in Stored XSS. Cross-Site Scripting (XSS)…
Read MoreBurp suite certified practitioner exam: Review and Insights
Since I recently passed the “Burp Suite Certified Practitioner” exam, I felt it would be useful to share some of my experiences and lessons learned, with those who are considering taking this exam, or just interested in completing the PortSwigger Academy challenges. How Did I Prepare Despite the fact that I have spent several years…
Read MoreHow misconfigured and vulnerable devices could expose your company to physical and cyber threats
Recently, we were given the mission to conduct an internal and wireless security assessment for one of our clients. Following the discovery of vulnerabilities in their network security and the acquisition of access to their wireless infrastructure, we were able to carry out remote network scanning of their internal systems. After enumerating their running services…
Read MoreWhy Penetration Testing is Important
Penetration testing, also known as pentesting, is a simulated cyber attack on a computer system, network, or web application with the goal of finding security vulnerabilities that could be exploited by malicious hackers. In today’s rapidly evolving digital world, pentesting has become a critical component of any organization’s security strategy. In this blog post, we…
Read More