penetration testing Archives

Exploring the OWASP Software Assurance Maturity Model (SAMM)

Articles, Information Assurance, Web Applications / Ian Reynolds

The OWASP Software Assurance Maturity Model (SAMM) was first introduced in 2009 by Pravir Chandra as a practical guide to developing secure software. Since its inception, SAMM has evolved to keep pace with emerging technologies, threats, and industry standards. The most recent iteration of SAMM (Version 2.0), refines its structure and expands its applicability to […]

Exploring the OWASP Software Assurance Maturity Model (SAMM) Read More »

10 Common Security Weaknesses and How To Defend Against Them

Articles, Information Assurance / Ian Reynolds

The mistakes we make and how to fix them – a new report co-authored by the NCSC reveals the 10 most common security weaknesses exploited by hackers. A joint security alert from the National Cyber Security Centre UK (NCSC-UK) was released earlier this month, co-authored by cybersecurity bodies from the USA, Canada, New Zealand, and

10 Common Security Weaknesses and How To Defend Against Them Read More »

What is a Use After Free Vulnerability?

Articles, Information Assurance / Ian Reynolds

‘Use After Free’ is the name given to security vulnerabilities that occur because of a problem with the way an application is managing its memory. When one part of a program attempts to use some memory that another part of the program has released because it is no longer needed the application may crash, produce

What is a Use After Free Vulnerability? Read More »

What is HTTP request smuggling?

Articles, Web Applications / Ian Reynolds

Long considered a theoretical attack, HTTP request smuggling is now ‘soaring in popularity’ according to a new research paper published this month. What is HTTP request smuggling and what risk does it pose to your network? HTTP Request Smuggling (HRS) was first documented back in 2005. It is made possible by the way different web

What is HTTP request smuggling? Read More »

HPE patches RCE 0day in SIM software

News, Vulnerabilities / Ian Reynolds

Hewlett Packard Enterprise has released a patch to fix a critical remote code execution vulnerability in the Windows version of their System Insight Manager. The bug in the Federated Search and CMS Configuration (CVE-2020-7200) feature of version 7.6.x of HPE SIM, has a critical CVSS score of 9.8. According to the security advisory from HPE,

HPE patches RCE 0day in SIM software Read More »

Wi-Fi FragAttacks expose flaws in WPA2, WPA3

News, Vulnerabilities / Ian Reynolds

Design and Implementation flaws in Wi-Fi standards have been disclosed that could leave home and enterprise Wi-Fi networks vulnerable. The flaws are thought to affect all Wi-Fi systems from WEP through to the latest WPA3 security standard. The vulnerabilities have been named FragAttacks as they are mainly related to flaws in the way Wi-Fi fragments

Wi-Fi FragAttacks expose flaws in WPA2, WPA3 Read More »

What is a pass the hash attack?

Articles, Information Assurance / Ian Reynolds

Pass the hash is a technique used to steal credentials and enable lateral movement within a target network. In Windows networks, the challenge-response model used by NTLM security is abused to enable a malicious user to authenticate as a valid domain user without knowing their password. Even though Kerberos has replaced NTLM as the preferred authentication

What is a pass the hash attack? Read More »

GDPR Fines continue to grow

News / Ian Reynolds

Daily GDPR breach notifications are up 20% and fines are up 39% according to a new report. Law firm DLA Piper has published their third annual GDPR Fines and Data Breech Survey which reveals the number of breaches being reported is rising along with the number and level of fines being imposed. In the post-Brexit

GDPR Fines continue to grow Read More »

NetLogon Security Changes coming in February

News / Ian Reynolds

Microsoft continues to roll out changes to mitigate the Zerologon vulnerability and a change due in the February Patch Tuesday could break non-Windows device’s ability to connect to the domain. The Zerologon vulnerability is a flaw in the Microsoft NetLogon protocol. Tracked as CVE-2020-1472 the vulnerability allows an unauthenticated user to change passwords on the

NetLogon Security Changes coming in February Read More »

Two thirds of cyber-crimes repeated within 12 months

News / Ian Reynolds

According to a new report, 68% of organisations that suffered a network breach are the victim of a repeat attack within a year. Cyber-criminals assume that organisation will not learn a lesson from the first attack and return in the hope of easy pickings the second time around. The report from cybersecurity response firm Crowdstrike

Two thirds of cyber-crimes repeated within 12 months Read More »

penetration testing

Exploring the OWASP Software Assurance Maturity Model (SAMM)

10 Common Security Weaknesses and How To Defend Against Them

What is a Use After Free Vulnerability?

What is HTTP request smuggling?

HPE patches RCE 0day in SIM software

Wi-Fi FragAttacks expose flaws in WPA2, WPA3

What is a pass the hash attack?

NetLogon Security Changes coming in February

Two thirds of cyber-crimes repeated within 12 months

Our Address

Talk to us

Office Hours

Company Number

VAT Registration Number

Penetration Testing

Risk & Compliance Services

Quick Links

information. secured.

Head Office Address

Opening Hours

Stay in Touch