What is PCI DSS, why do you need it and how do you secure it?

Discover the purpose of PCI DSS: securing card payments. OnSecurity offers PCI segmentation pentesting for businesses, ensuring a secure payment environment.
Pentest Files: Docker Breakout – Are You Taking Precautions?

Explore Docker’s security aspects: Understand how taking precautions is crucial to avoid vulnerabilities in this widely-used containerization platform.
Stealing Amazon EC2 Creds via Server Side Request Forgery

Explore our technique of using Server Side Request Forgery (SSRF) to successfully retrieve EC2 credentials, demonstrating advanced cybersecurity tactics.
Pentest Files: What Error Messages And Cloud Access Keys

Unveiling the risks of exposing AWS (Amazon Web Services) keys, this article shares a real example from a recent pen test conducted by our expert testers.
Gaining Admin Access with a simple Password Reset…

A simple bug in the ‘forgotten password’ mechanism led to a malicious takeover of an entire target application. Find out how this was fixed and secured.
OnSecurity’s Essential Cybersecurity Checklist for 2023

Follow best practices with OnSecurity’s cyber security checklist for 2023. Identify crucial steps to protect data and systems from unauthorised access and threats.
YuLife Chooses OnSecurity as Their Trusted Pentest Partner

YuLife, a financial technology company, recently chose OnSecurity for their penetration testing needs. The decision to choose OnSecurity was due to their transparent method of scoping and pricing projects. According […]
Pentest Files: Admin Account Takeover via Password Reset

Welcome to our Pentest Files blog series. Each blog post will present an interesting or dangerous finding one of our testers has identified in an actual recent pen-test, so you […]
Pentest Files: Docker Breakout – taking precautions?

Welcome to our Pentest Files blog series. Each blog post will present an interesting or dangerous finding one of our testers has identified in an actual recent pen-test, so you […]
PFiles: Stealing Amazon EC2 Creds via Server Side Request Forgery

Welcome to our Pentest Files blog series. Each blog post will present an interesting or dangerous finding one of our testers has identified in an actual recent pen-test, so you […]