Search • Page 3/4

40 results for "SQL injection"

Behind the scenes – an interview with Adrian Furtuna, our founder and CEO

As cybercrime continues to escalate, businesses are increasingly prioritizing their cybersecurity strategies, often embracing penetration testing to address the most burning threats. Although this established practice is highly effective, there are still many necessary improvements to help scale it to the current needs of the tech ecosystem. CyberNews sat down with Adrian Furtuna, our Founder & CEO, to talk about the ins and outs of penetration testing. Here’s why Adrian believes that no matter how advanced the technology is, some aspects still need a human approach.

Author(s)

Ioana Rijnetu

Published at: 16 Feb 2022

Security research

How to detect and exploit CVE-2021-26084, the Confluence Server RCE

Thinking like an attacker is the right mindset that can help you better cope with this staggering growth of RCE vulnerabilities. As a pentester, you know it better than anyone. You’re also the best positioned to use your experience and know-how to detect exposed critical assets before malicious actors do. To help you help others, I’ll explore a critical RCE vulnerability in the Atlassian Confluence server across Linux and Windows in this practical guide packed with detection tactics and mitigation methods.

Author(s)

Iulian Tita

Published at: 31 Jan 2022

Platform updates

February updates: run deeper, more comprehensive scans

Supporting your ethical hacking engagements is what we do with each new batch of monthly updates we roll out. Here’s how we walk the talk this month.

Author(s)

Ioana Rijnetu

Published at: 16 Mar 2022

Platform updates

An enhanced version of our Website Vulnerability Scanner

To check the security of a web application or server, you need an automated scanner to save time spent on manual work. Our Website Vulnerability Scanner does that and much more (including detecting widespread vulnerabilities like Log4Shell)!

Author(s)

Ioana Rijnetu

Published at: 13 Feb 2019

Security research

How to exploit the DotNetNuke Cookie Deserialization

We looked at around 300 DotNetNuke deployments in the wild and discovered that one in five installations was vulnerable to CVE-2017-9822. That includes governmental and banking websites. As part of this research, we discovered a Remote Code Execution vulnerability exploitable through DNN Cookie Deserialization in one of the U.S. Department Of Defense’s biggest websites. After having responsibly reported it through HackerOne, the DOD solved the high-severity vulnerability and disclosed the report, with all details now publicly available.

Author(s)

Cristian Cornea

Published at: 10 Jun 2020

Read the article titled Behind the Tools: Răzvan Ionescu on the growth mindset, insatiable curiosity, and being comfortable with change in ethical hacking

Milestones

Behind the Tools: Răzvan Ionescu on the growth mindset, insatiable curiosity, and being comfortable with change in ethical hacking

At Pentest-Tools.com, we use our managed pentesting services to learn from our customers and listen to them. Every one of us works hard to understand what users need and why, feeding that knowledge into the platform while we continue to learn and grow as individuals and as a team. That’s why we eat our own dog food and we always practice what we preach.

Author(s)

Ioana Rijnetu

Published at: 03 Sep 2021

How ChatGPT impacts offensive security pros work

Community wisdom

Offensive security pros share how ChatGPT impacts their work

Could 2024 be a pivotal moment for AI in offensive security? We know it challenges us to explore new ways to simplify our work, but how will penetration testers use ChatGPT as a tool for meaningful change? And, most importantly, which new advancements in this space are worth keeping an eye on?

Author(s)

Kelyan Yesil

Published at: 17 Jan 2024

Platform updates

Detect & exploit the latest CVEs + more automation updates

“Great and getting even better” is what we commit to with each monthly update we roll out on Pentest-Tools.com.

Author(s)

Ioana Rijnetu

Published at: 05 Oct 2021

Hacking tutorials

How to detect broken authentication with Pentest-Tools.com

OWASP Top 10 is an industry staple for a reason: because it’s incredibly well documented and provides a reliable framework for security specialists striving to prioritize vulns.

Author(s)

Cristian Cornea

Published at: 07 Apr 2021

Security research

Essential HTTP Headers for securing your web server

In this article, we discuss the most important HTTP headers that you should configure on your web server in order to improve its security.

Author(s)

Satyam Singh

Published at: 22 Oct 2018

Hacking tutorials

How to conduct a full network vulnerability assessment

The best ethical hackers build and maintain an outstanding workflow and process because it pays off – big time! When you’re always overwhelmed with work, it’s difficult to make time for tweaks and improvements, even if we both know they have compound returns in the long run.

Author(s)

Daniel Bechenea

Published at: 24 Aug 2022

How we detect Log4Shell on Pentest-Tools.com

Security research

How we detect and exploit Log4Shell to help you find targets using vulnerable Log4j versions

We’re breaking down our technique for detecting CVE-2021-44228 (Log4Shell) because we believe our users should understand what’s happening behind the scanners so they can avoid a false sense of security.

Author(s)

Adrian Furtuna

Published at: 17 Dec 2021

Discover our ethical hacking toolkit and all the free tools you can use!

Create free account