Pentest Findings: Bypassing Freemium with client-side security controls

Discover how one of our pentesters found that client-side security controls hadn’t been enabled in our customer’s target application, allowing them to access features reserved for paying customers, as well as how we fixed it.
What is a Penetration Test and why is it important for your business?

Penetration testing is a mostly manual process carried out by experienced consultants, using some of the same methods and tools a real hacker would. You decide on the scope of your test with your consultant, set your target, and your tester will get to work attempting to breach it. This blog will explore the importance of pentesting for businesses, and how to begin.
Pentest Files: Docker Breakout Are you Taking Precautions?

Explore Docker’s security aspects: Understand how taking precautions is crucial to avoid vulnerabilities in this widely-used containerization platform.
Stealing Amazon EC2 Creds via Server Side Request Forgery

Explore our technique of using Server Side Request Forgery (SSRF) to successfully retrieve EC2 credentials, demonstrating advanced cybersecurity tactics.
Cloud Access Keys and Error Messages: The Risks of Exposing AWS Keys

Unveiling the risks of exposing cloud access keys – particularly in reference to AWS (Amazon Web Services) keys. This article shares a real example from a recent pen test conducted by our expert testers.
Password Reset Bugs: How They Work And The Risks They Pose

Here Tristan demonstrates how to reset any user’s password by altering the password reset functionality, revealing a crucial cybersecurity vulnerability responsible for password reset bugs and consequential exploits.
Gaining Admin Access with a simple Password Reset…

A simple bug in the ‘forgotten password’ and password reset mechanism led to a malicious takeover of an entire target application. Find out how this was fixed and secured.
Radar: How And Why You Can Stamp Out Fashion Fraud

Uncover strategies for recognizing impending phishing attacks. This post details our proactive approach in warning a customer about a serious fraud attempt.
OnSecurity’s Essential Cybersecurity Checklist for 2023

The best practices with OnSecurity’s cyber security checklist 2023. Identify crucial steps to protect data and systems from unauthorised access and threats.
YuLife Chooses OnSecurity as Their Trusted Pentest Partner

YuLife, a financial technology company, recently chose OnSecurity for their penetration testing needs. The decision to choose OnSecurity was due to their transparent method of scoping and pricing projects. According […]