Long considered a theoretical attack, HTTP request smuggling is now ‘soaring in popularity’ according to a new research paper published this month. What is HTTP request smuggling and what risk does it pose to your network? HTTP Request Smuggling (HRS) was first documented back in 2005. It is made possible by the way different web […]
What is HTTP request smuggling? Read More »
There are big differences between iOS and Android mobile platforms, especially in how they attempt to mitigate cybersecurity threats. For years, iOS has enjoyed the reputation as the most secure mobile operating system; however, recent changes are allowing Android to make some headway and close the gap between the two. You can never be completely
iOS vs Android: Which Is More Secure? Read More »
By using Pass-the-cookie techniques, attackers can access web applications without knowing a userid, password or even the one-time password from a multi-factor system. And if the web application in question is the management console for your AWS, Google or Azure environment then they stolen have the keys to your kingdom. In January 2021, CISA drew
What is a Pass-The-Cookie Attack? Read More »
Web shell attacks have doubled over the last 6 months according to Microsoft’s Detection And Response Team. But, what are Web Shell Attacks and how can you defend against them? In a recent blog post, Microsoft’s DART detailed the rise in Web Shell Attacks that have been uncovered in Windows Defender telemetry- growing from an
What are Web shell attacks? Read More »
The CWE top 25 is a list of the most common software defects that give rise to CVE being reported. Mitre, the organisation behind the Common Vulnerabilities and Exposures database, has scanned some 25,000 CVE reports logged within their database and the NIST National Vulnerability Database in order to compile the list for 2019. By
2019 CWE Top 25 Most Dangerous Software Errors Read More »
Software Supply chain attacks – do you know what you are importing? Many websites and applications routinely import additional code modules from external repositories. These could be javascript libraries for a webpage or source code for an application. Two recent incidents illustrate the risks of supply chain attacks against the code of your applications and
What are software supply chain attacks? Read More »
What is pen-testing and how does it keep your business secure? Penetration testing defined Penetration testing is a form of ethical hacking, where organisations ask a trusted expert to try to penetrate (access) their network and systems. A penetration test plays a crucial role in identifying vulnerabilities on your critical infrastructure – systems, networks, and
Why Pen-Testing Matters Read More »
Formjacking is a type of cyber attack that can be used by an attacker to steal sensitive information that is entered by website users through forms. Most usually this type of attack targets ecommerce sites to obtain payment card details and personal information that are entered by customers; however, Formjacking attacks can target any website which
What are Formjacking attacks ? Read More »
Session Fixation is a type of attack on web application users where an attacker is able to trick a victim into using a Session ID which is previously known to them. When the victim makes use of the known Session ID in their requests to a vulnerable application, the attacker is able to exploit this
Understanding Session Fixation Attacks Read More »
Browser cookies play an important role in nearly all modern websites and applications. From tracking user-interaction through services like Google Analytics, through to maintaining the state of customer shopping carts in eCommerce applications. Cookies can also contain session tokens for web applications to ensure that user sessions are maintained between browser page refreshes. Although security
How to make the perfect cookies Read More »
SecureTeam Ltd,
Kemp House, 152 City Road,
London,
EC1V 2NX
10257784
GB 249480968
SecureTeam Ltd, Kemp House, 152 City Road,
London, EC1V 2NX
Mon – Fri: 09:00 – 17:00
Company Number: 10257784
VAT Registration No: GB 249480968
© SecureTeam 2023. All rights reserved.