90 results for "unauthorized access"

Mastering the essentials of API security with examples for OWASP Top 10 for APIs

When you hear about API (Application Programming Interface), do you get anxious because you don’t understand it very well? Do you feel like you can’t keep up with new technology? If you do, you’re not alone! Take a deep breath. Take another. Excellent! I’ll help you overcome your API security FOMO. In this guide, you’ll learn: how APIs work how to exploit the most common API vulnerabilities real-life examples of data breaches caused by API security issues API security best practices, and much more!

Author(s)

Kelyan Yesil

Published at: 09 Feb 2024

Security research

Securing your Laravel application: A comprehensive guide

As someone who has worked with the Laravel framework for years, I've seen firsthand the importance of taking security seriously. I've seen how simple mistakes lead to disastrous consequences, and I've also seen the benefits of a secure and well-maintained Laravel application.

Author(s)

Published at: 28 Dec 2023

Security research

3 initial access tactics to simulate in your penetration tests

In this guide, I’ll talk about these tactics (phishing attacks, RDP attacks, and exploitable vulnerabilities) pentesters can use to simulate realistic attack scenarios and apply them in their ethical hacking engagements. You'll walk away with practical examples and actionable advice on how to effectively replicate these attacks. Plus, you’ll help your customers to create better security awareness inside their organizations.

Author(s)

Catalin Iovita

Published at: 29 Sep 2023

Security research

Breaking down the 5 most common SQL injection attacks

In this ongoing battle, organizations and offensive security pros grapple with many questions: Why do these attacks persist? What are the most prevalent types of SQL injection attacks? And, most importantly, how do we prevent them effectively? You’ll get answers to these burning questions (and more!) in this practical guide.

Author(s)

Published at: 01 Sep 2023

Security research

Exploiting OGNL Injection in Apache Struts

Let’s understand how OGNL Injection works in Apache Struts. We’ll exemplify with two critical vulnerabilities in Struts: CVE-2017-5638 (Equifax breach) and CVE-2018-11776.

Author(s)

Ionuț Popescu

Published at: 14 Mar 2019

Security research

10 Practical scenarios for XSS attacks

Let’s delve into these 10 practical attack scenarios with actionable examples that highlight the real risk of cross-site scripting (XSS) vulnerabilities.

Author(s)

Published at: 07 Jul 2023

Security research

Essential HTTP Headers for securing your web server

In this article, we discuss the most important HTTP headers that you should configure on your web server in order to improve its security.

Author(s)

Satyam Singh

Published at: 22 Oct 2018

Security research

How supply chain attacks work and 7 ways to mitigate them

Your organization is a connected network of vendors, software, and people that keep your business operational. Each of these elements has various degrees of access to sensitive information which a bad actor can use as entry points in supply chain attacks.

Author(s)

Iulian Tita

Published at: 20 Feb 2023

top most exploited vulnerabilities in 2022

Security research

The most exploited vulnerabilities in 2022

Offensive security is a fast-moving space, yet some security vulnerabilities persist for years, causing problem after problem. 2023 being no exception, you can spare yourself from repetitive work by learning to find and mitigate these top 10 CVEs.

Author(s)

Kelyan Yesil

Published at: 16 Mar 2023

We think we know podcast

We think we know what it takes to build hacking tools

Why would someone spend a lot of their time making penetration testing tools? Especially when it takes what it takes to maintain them. Today on We think we know, we're peeling back the layers of offensive security with the enigmatic Panagiotis Chartas, also known by his alias - Telemachus - a nod to his Greek heritage and the strategic depth of his expertise.

Author(s)

Published at: 27 Feb 2024

exploit CVE-2023-22518 and CVE-2023-22515

Security research

From bypass to breach: how to get RCE in Confluence's latest CVEs

I’m gonna help you get the answers you need by demonstrating how to go beyond authentication bypass and achieve RCE using CVE-2023-22515 and CVE-2023-22518. Together we’ll explore their root causes and how to demonstrate the risk involved if an attacker uses these CVEs successfully.

Author(s)

David Bors

Published at: 14 Nov 2023

Security research

How these vulnerabilities pushed offensive security forward

Not all vulnerabilities are alike. Some are true game-changers, uncovering new possibilities, and more layers of complexity to explore. Let’s look at what five of the most notorious vulnerabilities from the past decade taught us - and how they shaped the infosec community.

Author(s)

Kelyan Yesil

Published at: 04 Jun 2024

Discover our ethical hacking toolkit and all the free tools you can use!

Create free account