Web Applications Archives

Exploring the OWASP Software Assurance Maturity Model (SAMM)

Articles, Information Assurance, Web Applications / Ian Reynolds

The OWASP Software Assurance Maturity Model (SAMM) was first introduced in 2009 by Pravir Chandra as a practical guide to developing secure software. Since its inception, SAMM has evolved to keep pace with emerging technologies, threats, and industry standards. The most recent iteration of SAMM (Version 2.0), refines its structure and expands its applicability to […]

Exploring the OWASP Software Assurance Maturity Model (SAMM) Read More »

What is HTTP request smuggling?

Articles, Web Applications / Ian Reynolds

Long considered a theoretical attack, HTTP request smuggling is now ‘soaring in popularity’ according to a new research paper published this month. What is HTTP request smuggling and what risk does it pose to your network? HTTP Request Smuggling (HRS) was first documented back in 2005. It is made possible by the way different web

What is HTTP request smuggling? Read More »

iOS vs Android: Which Is More Secure?

Articles, Web Applications / Ian Reynolds

There are big differences between iOS and Android mobile platforms, especially in how they attempt to mitigate cybersecurity threats. For years, iOS has enjoyed the reputation as the most secure mobile operating system; however, recent changes are allowing Android to make some headway and close the gap between the two. You can never be completely

iOS vs Android: Which Is More Secure? Read More »

What is a Pass-The-Cookie Attack?

Articles, Web Applications / Ian Reynolds

By using Pass-the-cookie techniques, attackers can access web applications without knowing a userid, password or even the one-time password from a multi-factor system. And if the web application in question is the management console for your AWS, Google or Azure environment then they stolen have the keys to your kingdom. In January 2021, CISA drew

What is a Pass-The-Cookie Attack? Read More »

What are Web shell attacks?

Articles, Web Applications / Ian Reynolds

Web shell attacks have doubled over the last 6 months according to Microsoft’s Detection And Response Team. But, what are Web Shell Attacks and how can you defend against them? In a recent blog post, Microsoft’s DART detailed the rise in Web Shell Attacks that have been uncovered in Windows Defender telemetry- growing from an

What are Web shell attacks? Read More »

2019 CWE Top 25 Most Dangerous Software Errors

Articles, Web Applications / Ian Reynolds

The CWE top 25 is a list of the most common software defects that give rise to CVE being reported. Mitre, the organisation behind the Common Vulnerabilities and Exposures database, has scanned some 25,000 CVE reports logged within their database and the NIST National Vulnerability Database in order to compile the list for 2019. By

2019 CWE Top 25 Most Dangerous Software Errors Read More »

What are software supply chain attacks?

Articles, Web Applications / Ian Reynolds

Software Supply chain attacks – do you know what you are importing? Many websites and applications routinely import additional code modules from external repositories. These could be javascript libraries for a webpage or source code for an application. Two recent incidents illustrate the risks of supply chain attacks against the code of your applications and

What are software supply chain attacks? Read More »

Why Pen-Testing Matters

Articles, Web Applications / Ian Reynolds

What is pen-testing and how does it keep your business secure? Penetration testing defined Penetration testing is a form of ethical hacking, where organisations ask a trusted expert to try to penetrate (access) their network and systems. A penetration test plays a crucial role in identifying vulnerabilities on your critical infrastructure – systems, networks, and

Why Pen-Testing Matters Read More »

What are Formjacking attacks ?

Articles, Web Applications / Ian Reynolds

Formjacking is a type of cyber attack that can be used by an attacker to steal sensitive information that is entered by website users through forms. Most usually this type of attack targets ecommerce sites to obtain payment card details and personal information that are entered by customers; however, Formjacking attacks can target any website which

What are Formjacking attacks ? Read More »

Understanding Session Fixation Attacks

Articles, Web Applications / Ian Reynolds

Session Fixation is a type of attack on web application users where an attacker is able to trick a victim into using a Session ID which is previously known to them. When the victim makes use of the known Session ID in their requests to a vulnerable application, the attacker is able to exploit this

Understanding Session Fixation Attacks Read More »

Web Applications

Exploring the OWASP Software Assurance Maturity Model (SAMM)

What is HTTP request smuggling?

iOS vs Android: Which Is More Secure?

What is a Pass-The-Cookie Attack?

What are Web shell attacks?

2019 CWE Top 25 Most Dangerous Software Errors

What are software supply chain attacks?

Why Pen-Testing Matters

What are Formjacking attacks ?

Understanding Session Fixation Attacks

Our Address

Talk to us

Office Hours

Company Number

VAT Registration Number

Penetration Testing

Risk & Compliance Services

Quick Links

information. secured.

Head Office Address

Opening Hours

Stay in Touch