OnSecurity's Latest Articles, News and Industry Tips

Security should be important to everyone. Our blog features articles regarding your business’ security and different aspects to consider.

Vulnerabilities & Hacking

Smishing, a form of cyber-attack that uses SMS messages to deceive victims, is on the rise. By exploiting human trust,

Pentesting

Mobile devices are firmly embedded as a huge part of daily life, and therefore making sure Android apps and devices

Pentesting

Cyber threats are evolving, and every business – large or small – faces potential risks. A single vulnerability in your

Pentesting

Cybercriminals are no longer targeting just the big players. In fact, small businesses are firmly in their sights too. With

Pentesting

External penetration testing methodology: what is it and how does it work? External penetration testing is a crucial cybersecurity measure

News and Industry Trends

2024 has been a transformative year for the OnSecurity team, marked by progress and significant milestones. To celebrate the company’s

Pentesting

Ethical hacking and penetration testing are essential cybersecurity practices that uncover security vulnerabilities by simulating attacks on an organisation’s network.

Pentesting

Sometimes referred to as ‘internal infrastructure tests’, or ‘internal network tests’, internal penetration tests are the backbone of any thorough

Pentesting

The term “penetration testing” or “pentesting” might be familiar, but the different types available—and how each can enhance your business’s

News and Industry Trends

Enforceable by January 2025, the EU’s Digital Operational Resilience Act (DORA) introduces a landmark EU regulation framework, designed to help

Pentesting

Firewall penetration testing is a method of locating, scoping, and penetrating a specific firewall to test an organisation’s network infrastructure.

Pentesting

External and internal penetration testing both exist as part of a broader cybersecurity strategy, supporting organisations in pinpointing vulnerabilities through

Pentesting

Penetration testing is a crucial investment in your organisation’s cybersecurity, but understanding the associated costs can be challenging. While there’s

News and Industry Trends

ISO 27001 and SOC 2, Type 2 are two of the most prominent regulatory frameworks in the cybersecurity industry. While

News and Industry Trends

In the blink of an eye, artificial intelligence and emerging technology are shattering the old rules of cybersecurity, rendering traditional

Pentesting

Maximise your pentest impact with OnSecurity’s guide on leveraging reports to enhance your security posture and confidently and quickly share

Retail Cybersecurity
News and Industry Trends

Many retailers face rising cyber threats. Discover key challenges and practical solutions to protect systems, data, and customer trust.

News and Industry Trends

Discover what the Digital Operational Resilience Act (DORA) means for cybersecurity in the financial sector. Learn the compliance requirements, and

News and Industry Trends

The investment will support the pentesting firm’s plans for rapid growth and innovation as well as R&D for the pentesting

Vulnerabilities & Hacking

Discover how to mitigate financial risks from subdomain takeovers. Learn strategies to safeguard against reputational damage and data breaches.

Vulnerabilities & Hacking

Exploring Cloud Security: Risks, Regulations & Remedies. Learn from incidents & strategies for robust cloud protection in an evolving digital

Ssdlc Deep Dive
Vulnerabilities & Hacking

Explore SSDLC stages: From planning to deployment. Learn how to secure web apps effectively with OnSecurity’s solutions.

Pentesting

What is Penetration Testing? Penetration Testing, otherwise known as “pentesting” or ethical hacking, is the beating heart of all good

Cloud Security Challenges For Businesses
Vulnerabilities & Hacking

How Can Businesses Overcome Cloud Security Challenges? The rapid global shift to cloud computing continues to gather momentum, and with

News and Industry Trends

For National Coding Week, we reached out to some of our software developers at OnSecurity to hear their perspective on

Vulnerabilities & Hacking

Defining Cybercrime What do you imagine when you think of a cybercriminal? Do you envision an erratic, reactive hacker, randomly

News and Industry Trends

Conor O’Neill is not your typical CEO. In 2023 he completed an Ironman marathon. He practises archery in his spare

News and Industry Trends

With the rise of remote and flexible work policies, many employees have adopted cafes, libraries, and other public spaces as

Soc2 Banner
Pentesting

Explore OnSecurity’s services and products for enhancing your organization’s security posture. Understand the importance of SOC 2 compliance requirements.

Typosquatting
Vulnerabilities & Hacking

The risks of typosquatting and its implications for online security. Explore cybercriminal tactics, real-world cases, and protective measures for your

Vulnerabilities & Hacking

Radar by OnSecurity: an advanced tool for threat intelligence. Learn its role in enhancing security, achieving ISO certifications, and prioritizing

Apache Tomcat Rce Exploit 1 1
Pentesting

Highlighting a critical cybersecurity issue: Unauthorised access is inevitable wherever default credentials are used, underscoring the need for caution.

Sqlguru 1
Pentesting

Discover now how our tester skillfully exploited multiple SQL injection vulnerabilities to extract valuable data from an application’s backend databases.

Hybrid Cloud 1
News and Industry Trends

Learn about the key components of hybrid cloud security and the benefits and challenges of adopting hybrid cloud environments

Nist Banner
Vulnerabilities & Hacking

Explore the intricacies of this vital framework designed to fortify businesses against diverse cyber threats. Core principles and actionable guidance.

Cloud Native Security 1
Pentesting

The best practices and essential strategies to fortify your cloud infrastructure, ensuring a robust security framework for your cloud-based operations.

Sqlguru
Pentesting

Welcome to our Pentest Files blog series. Each blog post will present an interesting or dangerous finding one of our

Hybrid Cloud
News and Industry Trends

A hybrid cloud security solution tries to combine the best of both worlds, with on-premises and cloud solutions being intertwined

Cloud Native Security
Pentesting

Cloud-native security systems are transforming the way businesses protect their digital assets. Built for the cloud, these systems offer dynamic

Pci Dss Banner
Pentesting

Discover the purpose of PCI DSS: securing card payments. OnSecurity offers PCI segmentation pentesting for businesses, ensuring a secure payment

What Is A Pentest 1
Vulnerabilities & Hacking

Discover the essence of a penetration test (pentest) and its necessity. Get the answers to why you might require this

Typosquat Blog Header
Vulnerabilities & Hacking

Dispelling misconceptions about cyber attack targets: Modern cybercrime is a complex, sophisticated industry. Gain insights into the evolving threat landscape.

Saas1
Vulnerabilities & Hacking

Understanding the importance of cybersecurity for SaaS companies. Explore the awareness of threats and proactive measures to safeguard data and

Typosquat Blog Header
News and Industry Trends

Uncover strategies for recognizing impending phishing attacks. This post details our proactive approach in warning a customer about a serious

Bypass Freemium 1
Pentesting

Emphasizing a critical cybersecurity practice: Avoid relying only on client-side measures for key security functions, and explore stronger alternatives.

Pentest Files Smashing The Password Reset Function For Fun And Profit 1
Pentesting

Here Tristan demonstrates how to reset any user’s password by altering the password reset functionality, revealing a crucial cybersecurity vulnerability.

Cloud Access Keys 1
Pentesting

Unveiling the risks of exposing AWS (Amazon Web Services) keys, this article shares a real example from a recent pen

Server Side Request Forgery 1
Pentesting

Explore our technique of using Server Side Request Forgery (SSRF) to successfully retrieve EC2 credentials, demonstrating advanced cybersecurity tactics.

Docker Breakout 1
Pentesting

Explore Docker’s security aspects: Understand how taking precautions is crucial to avoid vulnerabilities in this widely-used containerization platform.

Stickynotes
Vulnerabilities & Hacking

The best practices with OnSecurity’s cyber security checklist 2023. Identify crucial steps to protect data and systems from unauthorised access

Admin Account Takeover Via Password Reset
Pentesting

A simple bug in the ‘forgotten password’ mechanism led to a malicious takeover of an entire target application. Find out

What Is A Pentest
Vulnerabilities & Hacking

Is your business an easy target for hackers? A penetration test is the best way to know for sure. What

Pentesting

Congratulations! You just completed your penetration test. You’ve read the report, planned your mitigation strategies, and started executing on the

Bypass Freemium
Pentesting

Welcome to our Pentest Files blog series. Each blog post will present an interesting or dangerous finding one of our

Pentest Files Smashing The Password Reset Function For Fun And Profit
Pentesting

Welcome to our Pentest Files blog series. Each blog post will present an interesting or dangerous finding one of our

Server Side Request Forgery
Pentesting

Welcome to our Pentest Files blog series. Each blog post will present an interesting or dangerous finding one of our

Docker Breakout
Pentesting

Welcome to our Pentest Files blog series. Each blog post will present an interesting or dangerous finding one of our

Admin Account Takeover Via Password Reset
Pentesting

Welcome to our Pentest Files blog series. Each blog post will present an interesting or dangerous finding one of our

Cybersecurity Randsomware
Vulnerabilities & Hacking

Here we delve into the evolution of ransomware with OnSecurity’s article on Triple Extortion tactics that threaten not just data,

Vulnerability Scanning 1
Vulnerabilities & Hacking

Delve into effective vulnerability scanning strategy and adopt best practices. This guide offers a very comprehensive understanding of the role

Uk Organisations Plan To Hire Ciso
News and Industry Trends

Discover why over half of UK businesses are hiring CISOs to combat cyber threats, with OnSecurity’s updated insights on the

Digger Drill
Vulnerabilities & Hacking

New report reveals increasing cyber threats to drilling rigs, potentially leading to severe safety incidents. Understand the emerging vulnerabilities.

Home Worker Computer Desktop
News and Industry Trends

Explore how remote working can define an organisation’s agility and crisis response, all while also considering the potential risks associated

Antivirus Security
News and Industry Trends

Discover crucial insights on the actively exploited Microsoft zero-day vulnerability. Protect your systems with expert advice and stay ahead of

Uk Government Tackles Cyber Crime
News and Industry Trends

Stay informed with the latest strategies tackling cybercrime as governments announce robust plans. Dive into the blog for crucial cybersecurity

Computer Server Hacker
News and Industry Trends

Microsoft email servers are being targeted by hackers after a series of vulnerabilities were detailed at a computer security conference

Cyber Security Money Stealing
News and Industry Trends

Holyrood reports on the UK Government’s £700,000 fund initiative to expand the cyber security sector, signaling significant growth and

Onsecurity Header
News and Industry Trends

Delve into an overview of 2021’s significant data breaches. Explore the most notable incidents and learn from them for better

Vulnerability Scanning
Vulnerabilities & Hacking

Vulnerability Scanning isn’t rocket science, anyone with an internet connection and device can search for and find a tool within

Zero Day
Vulnerabilities & Hacking

CVE-2021-44228: A new high-profile zero-day vulnerability affecting a large number of Java applications through a vulnerable version of the

Malware
News and Industry Trends

Sony is a gigantic multipartite corporation that has been prone to multiple different types of hacks, find out why and

The Secrets To Googles Security
News and Industry Trends

Google’s very impressive record: Zero successful phishing attacks on a massive workforce of 140,000+ employees. Discover their security success story.

Phishing Biggest Cyber Threat
Vulnerabilities & Hacking

New research shows the prevalence of email phishing as the top cyber threat, tricking firms into revealing information through reputable

Password
News and Industry Trends

Explore the risks businesses face with internet-stored data and the prevalent distrust in online security, highlighting the need for robust

Amazon Enquiry 1
News and Industry Trends

“Online US retail giant Amazon has used its cloud operations to do a deal with the GCHQ, MI5, and MI6,

The Secrets To Googles Security
News and Industry Trends

Catch Of The Week Did you know that Google has never been the victim of a successful phishing attack? Not bad for

Amazon Enquiry
News and Industry Trends

Online US retail giant Amazon has used its cloud operations to do a deal with the GCHQ, MI5, and MI6, The

Cloud Access Keys
Pentesting

Welcome to our Pentest Files blog series. Each blog post will present an interesting or dangerous finding one of our

Who Does Social Engineering Target 1
Vulnerabilities & Hacking

Explore the rise of social engineering threats. Understand how individuals are manipulated to divulge sensitive information, passwords, and financial details.

Ransomware Virus
News and Industry Trends

One of the biggest growing problems in computer security is the growing proliferation of cyberattacks which are far more open

Cyber Attack Malware Virus
Vulnerabilities & Hacking

Here you can discover the history and impact of MyDoom, the fastest spreading and most damaging computer virus to date,

What Is A Zero Day
Vulnerabilities & Hacking

Explore the challenge of vulnerabilities exploited before fixes. Learn how to address security gaps and protect against threats in this

Data Security System
News and Industry Trends

The United Kingdom Government takes action to safeguard smart devices with new laws aimed at countering cyberattacks. Read the press

Hoth
Vulnerabilities & Hacking

This post explores each of the initial compromise methods for the TryHackMe x HackerOne CTF. Diving into the web security

News and Industry Trends

Dive into the alarming rise of Ryuk ransomware since 2018, which has accumulated over $150 million, showcasing its global financial

Linkedin Phone
News and Industry Trends

Explore the methods targeting LinkedIn users through phishing scams and gain insights into the everyday tactics used by cybercriminals to

I Love You Binary
News and Industry Trends

Delve into the fascinating narrative of how a love letter altered the landscape of computer security perpetually. Uncover this tale

Method Confusion
Vulnerabilities & Hacking

Delve into OnSecurity’s research on Go’s server-side template injection vulnerabilities, revealing potential for file reads and RCE exploits. Read more

Project Crobat
News and Industry Trends

Unravel the simplicity of gRPC with Project Crobat. Learn to streamline development with gRPC and empower your projects. Dive into

File Upload
News and Industry Trends

A compilation of tricks and checks for when a file upload is encountered in an offensive security test.

Macbook
Vulnerabilities & Hacking

Apple claims that its Mac computers are well protected by in-built antivirus features, and there is no need to worry

Computer Hackers
News and Industry Trends

A computer hacker in the US was able to gain access to the water system of Oldsmar in Florida and

Cloud Security Testing
News and Industry Trends

The myths surrounding cloud security hesitancy. Gain clarity on common misconceptions and make informed decisions about cloud-based security solutions.

Laptop Hacker Money Padlock
Vulnerabilities & Hacking

Learn 3 essential steps to enhance your cybersecurity posture, and effectively mitigate emerging zero-day vulnerabilities for comprehensive threat protection.

Computer Pen Test Guide
Pentesting

Because so much of life is carried out online these days, it’s essential that you take all the necessary steps

Who Does Social Engineering Target
Vulnerabilities & Hacking

Protecting the data, valuables and account information related to your business has become even more vital as our workplaces have

Cybercriminal Bitcoin Burglars
News and Industry Trends

Uncover the latest threat looming over government servers. The newfound vulnerability impacts Microsoft systems, leaving government infrastructures at risk.

Vulnerabilities & Hacking

Do you suspect a phishing attempt? Explore this guide for actionable steps on what to do next. Get assistance in

Pentesting

Vulnerability scans look for known vulnerabilities in your systems, while Penetration tests intend to exploit weaknesses in the architecture. How

Tools We Love Clubhouse
News and Industry Trends

We love using Clubhouse to help us develop our security projects

Vulnerabilities & Hacking

Learn proactive cyber threat prevention through threat modeling. Discover how to anticipate and mitigate security incidents before they occur with

Vulnerabilities & Hacking

Dive deeper into Spear Phishing, a sophisticated cyber attack targeting specific individuals to gain unauthorized access to confidential data and

News and Industry Trends

The continued impact of the pandemic has made working from home the new normal, rapidly accelerating digital transformation in companies

Vulnerabilities & Hacking

Craig has delved into his research on CVE-2019-11510, uncovering over 736 vulnerable hosts and sharing insights on this critical cybersecurity

Vulnerabilities & Hacking

Recruitment companies are a prime target for hackers. We go over the main aspects that recruitment companies should be careful

News and Industry Trends

In this blog we uncover a huge data spill for Wishbone, revealing massive amounts of user data available for malicious

News and Industry Trends

Uncovering what went wrong with TravelEx. Investigating ransomware designed to take over the network and block access to file networks.

Cve Hunting In An Open Source Application
Vulnerabilities & Hacking

CVE hunting within open-source applications – invaluable insights for identifying vulnerabilities, ensuring robust security in open-source software.

Vulnerabilities & Hacking

7 effective strategies to improve your company’s security. Discover actionable steps to fortify your defences against cyber threats and safeguard

6 Ways To Spot A Phishing Email 1
Vulnerabilities & Hacking

Safeguard your inbox against cyber threats. Explore our expert insights on spotting and avoiding phishing attempts to enhance your online

Pentesting

The critical differences between a penetration test and a vulnerability scan are often misunderstood. While both processes work to protect

Vulnerabilities & Hacking

Phishing, a cyber-crime that targets victims through email, has become the most common form of online attack. Hackers will attempt

News and Industry Trends

Launched in 2015, Wishbone is a social networking app that encourages users to have their say in comparisons of everything

Vulnerabilities & Hacking

Uncover the mechanics of ransomware and prevention strategies to safeguard your network against cybercriminal tactics with OnSecurity’s expert insights

Vulnerabilities & Hacking

Explore the financial implications of data breaches, a frequent occurrence in today’s digital world. Learn about the actual costs behind

News and Industry Trends

What happened in 2014 when Sony became the victim of an attack? Explore how Wiper malware was deployed and crippled

Vulnerabilities & Hacking

Recently I was tasked to conduct an external infrastructure penetration test against a select few IP addresses of a certain

Bob And Alice
News and Industry Trends

Preventing complacency in testers is crucial to ensuring you have a successful test. Learn about why an alert and proactive

What Is Email Phishing
Vulnerabilities & Hacking

Get insights into email phishing from an Ethical Hacking Veteran. Learn common tactics with real-world examples and practical tips for

Pentesting

Explore the future of pentest reports as we unveil the next-generation approach. Discover what’s on the horizon for cybersecurity assessments

Vulnerabilities & Hacking

Discover the challenges of managing extensive database audits and our innovative solution using Elasticsearch, a custom Node tool, and PostgreSQL

What Is Social Engineering 1
Vulnerabilities & Hacking

A Penetration Testing Pro shows how social engineering works in the real world. Hackers’ techniques, real-life examples and practical tips

Sever Side Template Injection With Jinja2
Vulnerabilities & Hacking

Join Gus on a deep dive into crafting Jinja2 SSTI payloads from scratch. Explore bypass methods and various exploitation techniques

Gain Access To Burp Collaborator Sessions
Vulnerabilities & Hacking

Discover how you use Burpsuite Collaborator persistently for enhanced cybersecurity testing. Now it’s possible to leverage this tool more effectively.

Pentesting Postgresql With Sql Injections2 1
Pentesting

Join Gus, explore advanced techniques for detecting and exploiting SQL Injection vulnerabilities in PostgreSQL-based web applications, ensuring robust security.

News and Industry Trends

The investment will support the pentesting firm’s plans for rapid growth and innovation as well as R&D for the pentesting platform

News and Industry Trends

Discover what the Digital Operational Resilience Act (DORA) means for cybersecurity in the financial sector. Learn the compliance requirements, and how to prepare with penetration testing.

Hybrid Cloud 1
News and Industry Trends

Learn about the key components of hybrid cloud security and the benefits and challenges of adopting hybrid cloud environments and setups in business.

Typosquat Blog Header
News and Industry Trends

Uncover strategies for recognizing impending phishing attacks. This post details our proactive approach in warning a customer about a serious fraud attempt.

Home Worker Computer Desktop
News and Industry Trends

Explore how remote working can define an organisation’s agility and crisis response, all while also considering the potential risks associated with it.

Cyber Security Money Stealing
News and Industry Trends

Holyrood reports on the UK Government’s £700,000 fund initiative to expand the cyber security sector, signaling significant growth and development.

Computer Server Hacker
News and Industry Trends

Microsoft email servers are being targeted by hackers after a series of vulnerabilities were detailed at a computer security conference in August

Uk Government Tackles Cyber Crime
News and Industry Trends

Stay informed with the latest strategies tackling cybercrime as governments announce robust plans. Dive into the blog for crucial cybersecurity updates.

Uk Organisations Plan To Hire Ciso
News and Industry Trends

Discover why over half of UK businesses are hiring CISOs to combat cyber threats, with OnSecurity’s updated insights on the evolving role in cybersecurity

Onsecurity Header
News and Industry Trends

Delve into an overview of 2021’s significant data breaches. Explore the most notable incidents and learn from them for better data security practices.

Antivirus Security
News and Industry Trends

Discover crucial insights on the actively exploited Microsoft zero-day vulnerability. Protect your systems with expert advice and stay ahead of cyber threats.

Amazon Enquiry 1
News and Industry Trends

“Online US retail giant Amazon has used its cloud operations to do a deal with the GCHQ, MI5, and MI6, The Financial Times reports.

Malware
News and Industry Trends

Sony is a gigantic multipartite corporation that has been prone to multiple different types of hacks. Find out why and how they improve their security posture.

Password
News and Industry Trends

Explore the risks businesses face with internet-stored data and the prevalent distrust in online security, highlighting the need for robust protection.

News and Industry Trends

Dive into the alarming rise of Ryuk ransomware since 2018, which has accumulated over $150 million, showcasing its global financial impact and danger.

Project Crobat
News and Industry Trends

Unravel the simplicity of gRPC with Project Crobat. Learn to streamline development with gRPC and empower your projects. Dive into our blog for insights!

Data Security System
News and Industry Trends

The United Kingdom Government takes action to safeguard smart devices with new laws aimed at countering cyberattacks. Read the press release for details.

I Love You Binary
News and Industry Trends

Delve into the fascinating narrative of how a love letter altered the landscape of computer security perpetually. Uncover this tale of technological evolution.

Ransomware Virus
News and Industry Trends

One of the biggest growing problems in computer security is the growing proliferation of cyberattacks which are far more open and threatening in nature.

Linkedin Phone
News and Industry Trends

Explore the methods targeting LinkedIn users through phishing scams and gain insights into the everyday tactics used by cybercriminals to exploit you further.

Computer Hackers
News and Industry Trends

A computer hacker in the US was able to gain access to the water system of Oldsmar in Florida and successfully increased the amount of sodium hydroxide.

News and Industry Trends

In this blog we uncover a huge data spill for Wishbone, revealing massive amounts of user data available for malicious actors to share and exploit.

News and Industry Trends

What happened in 2014 when Sony became the victim of an attack? Explore how Wiper malware was deployed and crippled the large corporation’s network.

Blue Keep The Worms Are Coming
News and Industry Trends

Defend against BlueKeep’s looming threats. Insights on securing systems from potential widespread attacks. This blog will help you stay informed of threats.

Bob And Alice
News and Industry Trends

Preventing complacency in testers is crucial to ensuring you have a successful test. Learn about why an alert and proactive testing approach is essential.

News and Industry Trends

Join Gus on a deep dive into crafting Jinja2 SSTI payloads from scratch. Explore bypass methods and various exploitation techniques in this insightful post.

News and Industry Trends

Understand the Power of Secure Code: Enhance Business Security with Proactive Code Audits. Discover vulnerabilities, ensure compliance, and build trust.

News and Industry Trends

Roles in software engineering are becoming more popular with advances in technology and require a key set of skills. Here we run through how to become a software engineer

News and Industry Trends

Learn about spoofing in cyber security, how it works, common types, and how businesses can detect and protect against this growing cyber threat.

News and Industry Trends

Learn how OnSecurity evolved from the vision of a few founders to an industry-leading pentest provider, as shared by one of its founding members.

News and Industry Trends

Learn how iOS penetration testing uncovers vulnerabilities in your mobile apps, ensuring robust security and protecting user data on Apple devices.

News and Industry Trends

What are the differences between ISO 27001 and SOC 2, Type 2? How can I choose the right cybersecurity framework for my organisation?

New Blog Banners 3 6
News and Industry Trends

Ensure your Open Banking APIs meet regulatory standards with robust security testing. Learn key methods, risks, and compliance best practices.

New Blog Banners 3 2
News and Industry Trends

Discover the risks of using unsecured WiFi and learn effective strategies to protect your data. Read more to safeguard your online security today.

New Blog Banners 3
News and Industry Trends

Discover the top 10 fintech app security vulnerabilities found in 2025, plus practical fixes to help your team improve security and reduce cyber risk.

What Is Hashing In Cyber Security?
News and Industry Trends

Learn the essentials of hashing in cyber security, its importance, and practical applications. Discover how it protects data integrity—read more now!

Penetration Testing Best Practices During Financial Mergers And Acquisitions
News and Industry Trends

Ensure secure fintech mergers with penetration testing best practices. Learn how to reduce risk, protect data, and support due diligence during M&A deals.

Cost Of A Retail Data Breach
News and Industry Trends

Discover the true cost of a retail data breach and why regular penetration testing is a smart, ROI-positive investment, not just a compliance requirement.

Most Common Pentest Findings
News and Industry Trends

Understand the most common high-impact penetration testing findings that OnSecurity’s testers discover and the steps to take to remediate them.

Retail Cybersecurity
News and Industry Trends

Many retailers face rising cyber threats. Discover key challenges and practical solutions to protect systems, data, and customer trust.

Updated Blog Banners 4 6
News and Industry Trends

Protect your small business with our 7 essential cybersecurity tips. Learn about employee training, system updates, penetration testing, and MFA to safeguard against cyber threats and financial losses.

Updated Blog Banners 4 4
News and Industry Trends

Discover how AI is transforming enterprise cybersecurity with smarter threat detection, proactive defence, and pentest automation.

Saas Cybersec
News and Industry Trends

Understanding the importance of cybersecurity for SaaS companies. Explore the awareness of threats and proactive measures to safeguard data and systems.

Pentesting Resources
News and Industry Trends

Duncan Butchart, VP of Sales at OnSecurity, shares insights into his 25-year career journey, the evolution of the cybersecurity industry, and how OnSecurity stands out with its expert team and customer-centric approach.

What Is Quishing In Cybersecurity?
News and Industry Trends

Learn what quishing is, how it works, and why it’s a major threat to businesses. Protect your data with OnSecurity’s penetration testing services.

What Is A Brute Force Attack In Cyber Security?
News and Industry Trends

Learn about brute force attacks in cyber security, how they work, types, signs to watch for, and ways to protect systems from unauthorised access and potential data breaches.

What Is Ransomware? Causes And Prevention Strategies
News and Industry Trends

Ransomware can cripple businesses by locking critical data and demanding payment. Learn what ransomware is, how it works, and how penetration testing can help prevent attacks.

News and Industry Trends

Protect your business from phishing scams with these 5 essential tips. Learn how to avoid phishing attacks and safeguard your data from cybercriminals.

Iso27001 Vs Soc-2, Type 2: An Evaluation
News and Industry Trends

What are the differences between ISO 27001 and SOC 2, Type 2? How can I choose the right cybersecurity framework for my organisation?

New Blog Banners 3 6
News and Industry Trends

Learn the key differences between penetration testing and vulnerability scanning. Understand when to use each method for optimal cybersecurity protection.

New Blog Banners 3 5
News and Industry Trends

From doctor to pentester: Archana Singh’s inspiring journey into cybersecurity shows how passion and resilience can shape new careers.

New Blog Banners 3 3
News and Industry Trends

Explore the journeys of women in cybersecurity at OnSecurity, with insights from Product Manager Beth Watts on navigating and thriving in tech.

New Blog Banners 7 Scaled 1
News and Industry Trends

OnSecurity’s CEO emphasises a merit-based hiring approach, career development, and life/work balance. By nurturing talent, fostering a supportive workplace, and offering flexibility, OnSecurity has boosted productivity and employee satisfaction.

New Blog Banners 2 6 Scaled 1
News and Industry Trends

Learn how Mike Oram, VP of engineering at OnSecurity, taught himself coding, and how to navigate coding in the age of AI.

Cost Of A Retail Data Breach
News and Industry Trends

Explore API pen testing, its benefits, common vulnerabilities, and best practices to strengthen your business’s security posture.

New Blog Banners 1 1 Scaled 1
News and Industry Trends

Discover the purpose of PCI DSS: securing card payments. OnSecurity offers PCI segmentation pentesting for businesses, ensuring a secure payment environment.

New Blog Banners 2 2 Scaled 1
News and Industry Trends

The risks of typosquatting and its implications for online security. Explore cybercriminal tactics, real-world cases, and protective measures for your brand.

A Blue Banner Reading "Introducing The Threat Intelligence Tool By OnSecurity"
News and Industry Trends

Radar by OnSecurity: an advanced tool for threat intelligence. Learn its role in enhancing security, achieving ISO certifications, and prioritising threats

News and Industry Trends

Understand the Power of Secure Code: Enhance Business Security with Proactive Code Audits. Discover vulnerabilities, ensure compliance, and build trust.

News and Industry Trends

Discover how we exploited a SSRF vulnerability in a web application to acquire API credentials and access AWS S3 buckets, showcasing cybersecurity risks.

News and Industry Trends

Emphasising a critical cybersecurity practice: Avoid relying only on client-side measures for key security functions, and explore stronger alternatives.

New Feature Instant Booking
News and Industry Trends

Discover OnSecurity’s innovative approach to penetration testing. Our client-collaborative efforts have streamlined booking to just 5 minutes for efficiency.

New Feature Slack Api
News and Industry Trends

Experience real-time communication with your penetration testers during the testing process for enhanced collaboration and continuous, timely updates.

Theteam
News and Industry Trends

Look into IT Security through the eyes of a pen-tester. We’ll uncover the inner workings and provide in-depth insights for a comprehensive understanding.

Computer Virus
News and Industry Trends

Unveiling the origins of the first PC virus prank. Dive into the history of pioneering cyber mischief and understand the Elk Cloner Virus in OnSecurity’s blog.

35
Pentesting

The term “penetration testing” or “pentesting” might be familiar, but the different types available—and how each can enhance your business’s

31
Pentesting

Sometimes referred to as ‘internal infrastructure tests’, or ‘internal network tests’, internal penetration tests are the backbone of any thorough

37
Pentesting

Ethical hacking and penetration testing are essential cybersecurity practices that uncover security vulnerabilities by simulating attacks on an organisation’s network.

10
Pentesting

External penetration testing methodology: what is it and how does it work? External penetration testing is a crucial cybersecurity measure

8
Pentesting

Cybercriminals are no longer targeting just the big players. In fact, small businesses are firmly in their sights too. With

7
Pentesting

Cyber threats are evolving, and every business – large or small – faces potential risks. A single vulnerability in your

5
Pentesting

Mobile devices are firmly embedded as a huge part of daily life, and therefore making sure Android apps and devices

1
Pentesting

Penetration testing is a crucial investment in your organisation’s cybersecurity, but understanding the associated costs can be challenging. While there’s

Updated Blog Banners
Pentesting

External and internal penetration testing both exist as part of a broader cybersecurity strategy, supporting organisations in pinpointing vulnerabilities through

33
Pentesting

Firewall penetration testing is a method of locating, scoping, and penetrating a specific firewall to test an organisation’s network infrastructure.

Pentesting

Maximise your pentest impact with OnSecurity’s guide on leveraging reports to enhance your security posture and confidently and quickly share results

Updated Blog Banners 2 1
Pentesting

What is Penetration Testing? Penetration Testing, otherwise known as “pentesting” or ethical hacking, is the beating heart of all good

Cloud Native Security 1
Pentesting

The best practices and essential strategies to fortify your cloud infrastructure, ensuring a robust security framework for your cloud-based operations.

Soc2 Banner
Pentesting

Explore OnSecurity’s services and products for enhancing your organization’s security posture. Understand the importance of SOC 2 compliance requirements.

Cloud Native Security
Pentesting

Cloud-native security systems are transforming the way businesses protect their digital assets. Built for the cloud, these systems offer dynamic

Sqlguru
Pentesting

Welcome to our Pentest Files blog series. Each blog post will present an interesting or dangerous finding one of our

Sqlguru 1
Pentesting

Discover now how our tester skillfully exploited multiple SQL injection vulnerabilities to extract valuable data from an application’s backend databases.

Apache Tomcat Rce Exploit 1 1
Pentesting

Highlighting a critical cybersecurity issue: Unauthorised access is inevitable wherever default credentials are used, underscoring the need for caution.

Pci Dss Banner
Pentesting

Discover the purpose of PCI DSS: securing card payments. OnSecurity offers PCI segmentation pentesting for businesses, ensuring a secure payment environment.

Admin Account Takeover Via Password Reset
Pentesting

A simple bug in the ‘forgotten password’ mechanism led to a malicious takeover of an entire target application. Find out how this was fixed and secured.

Header 5
Pentesting

Maximise your pentest impact with OnSecurity’s guide on leveraging reports to enhance your security posture and confidently and quickly share results

Admin Account Takeover Via Password Reset
Pentesting

Welcome to our Pentest Files blog series. Each blog post will present an interesting or dangerous finding one of our

Docker Breakout
Pentesting

Welcome to our Pentest Files blog series. Each blog post will present an interesting or dangerous finding one of our

Docker Breakout 1
Pentesting

Explore Docker’s security aspects: Understand how taking precautions is crucial to avoid vulnerabilities in this widely-used containerization platform.

Server Side Request Forgery 1
Pentesting

Explore our technique of using Server Side Request Forgery (SSRF) to successfully retrieve EC2 credentials, demonstrating advanced cybersecurity tactics.

Server Side Request Forgery
Pentesting

Welcome to our Pentest Files blog series. Each blog post will present an interesting or dangerous finding one of our

Cloud Access Keys 1
Pentesting

Unveiling the risks of exposing AWS (Amazon Web Services) keys, this article shares a real example from a recent pen test conducted by our expert testers.

Pentest Files Smashing The Password Reset Function For Fun And Profit
Pentesting

Welcome to our Pentest Files blog series. Each blog post will present an interesting or dangerous finding one of our

Pentest Files Smashing The Password Reset Function For Fun And Profit 1
Pentesting

Here Tristan demonstrates how to reset any user’s password by altering the password reset functionality, revealing a crucial cybersecurity vulnerability.

Bypass Freemium
Pentesting

Welcome to our Pentest Files blog series. Each blog post will present an interesting or dangerous finding one of our

Header
Pentesting

Congratulations! You just completed your penetration test. You’ve read the report, planned your mitigation strategies, and started executing on the

Bypass Freemium 1
Pentesting

Emphasizing a critical cybersecurity practice: Avoid relying only on client-side measures for key security functions, and explore stronger alternatives.

Cloud Access Keys
Pentesting

Welcome to our Pentest Files blog series. Each blog post will present an interesting or dangerous finding one of our

Computer Pen Test Guide
Pentesting

Because so much of life is carried out online these days, it’s essential that you take all the necessary steps

Cover 3
Pentesting

The critical differences between a penetration test and a vulnerability scan are often misunderstood. While both processes work to protect

Cover 16
Pentesting

Vulnerability scans look for known vulnerabilities in your systems, while Penetration tests intend to exploit weaknesses in the architecture. How To Do….

Pentesting Postgresql With Sql Injections2 1
Pentesting

Join Gus to explore advanced techniques for detecting and exploiting SQL Injection vulnerabilities in PostgreSQL-based web applications, ensuring robust security.

List 1
Pentesting

Explore the future of pentest reports as we unveil the next-generation approach. Discover what’s on the horizon for cybersecurity assessments and reporting.

New Feature Online Estimates
Pentesting

Effortlessly obtain a penetration testing quote online without sales calls. Experience a streamlined, hassle-free process for your cybersecurity needs.

Pentesting Postgresql With Sql Injections2
Pentesting

This post revolves around general analysis, exploitation and discovery of SQL Injection vulnerabilities in apps using the Postgres DBMS. We

Updated Blog Banners 4 8 Scaled 1
Pentesting

Discover how often different industries may need to complete penetration testing to keep their businesses secure. Uncover which factors affect pentesting frequency.

Cost Of A Retail Data Breach
News and Industry Trends

Discover the true cost of a retail data breach and why regular penetration testing is a smart, ROI-positive investment, not just a compliance requirement.

Most Common Pentest Findings
News and Industry Trends

Understand the most common high-impact penetration testing findings that OnSecurity’s testers discover and the steps to take to remediate them.

Updated Blog Banners 4 4
Pentesting

Discover the top 5 CREST-accredited penetration testing service providers in the UK, and find out what sets them apart. Uncover the best penetration testing services for your business.

Article Pentestfeatured
Pentesting

Penetration tester Leonard Matara shares key insights on pentest pitfalls, security strategy, and the need for continuous testing.

What Is Quishing In Cybersecurity?
News and Industry Trends

Learn what quishing is, how it works, and why it’s a major threat to businesses. Protect your data with OnSecurity’s penetration testing services.

New Blog Banners Scaled 1
Pentesting

Discover how AI-powered penetration testing enhances traditional methods, boosts efficiency, and strengthens your security posture, combining human expertise with automation for smarter protection.

Updated Blog Banners 4 6
Pentesting

Learn how to save time and money on penetration testing with expert tips to balance cost, quality, and security.

Updated Blog Banners 4 8
Pentesting

Enhance your security posture with essential practices for effective pentest orchestration. Discover strategies that streamline processes and support your organisation.

What Is Ransomware? Causes And Prevention Strategies
News and Industry Trends

Ransomware can cripple businesses by locking critical data and demanding payment. Learn what ransomware is, how it works, and how penetration testing can help prevent attacks.

Iso27001 Vs Soc-2, Type 2: An Evaluation
News and Industry Trends

What are the differences between ISO 27001 and SOC 2, Type 2? How can I choose the right cybersecurity framework for my organisation?

New Blog Banners 3 6
News and Industry Trends

Learn the key differences between penetration testing and vulnerability scanning. Understand when to use each method for optimal cybersecurity protection.

Updated Blog Banners 4 7
Pentesting

Discover the differences between ethical hacking and penetration testing, how they protect your business from cyber threats, and when to choose each for security assessments.

Cost Of A Retail Data Breach
News and Industry Trends

Explore API pen testing, its benefits, common vulnerabilities, and best practices to strengthen your business’s security posture.

New Blog Banners 2 1 Scaled 1
Pentesting

Explore OnSecurity’s services and products for enhancing your organisation’s security posture. Understand the importance of SOC 2 compliance requirements.

New Blog Banners 16 Scaled 1
Pentesting

Unravel the essentials of ISO 27001 certification in this blog. Explore critical insights and guidelines for a robust security management system.

A Blue Banner Reading "Introducing The Threat Intelligence Tool By OnSecurity"
News and Industry Trends

Radar by OnSecurity: an advanced tool for threat intelligence. Learn its role in enhancing security, achieving ISO certifications, and prioritising threats

News and Industry Trends

Understand the Power of Secure Code: Enhance Business Security with Proactive Code Audits. Discover vulnerabilities, ensure compliance, and build trust.

News and Industry Trends

Discover how we exploited a SSRF vulnerability in a web application to acquire API credentials and access AWS S3 buckets, showcasing cybersecurity risks.

News and Industry Trends

Emphasising a critical cybersecurity practice: Avoid relying only on client-side measures for key security functions, and explore stronger alternatives.

List
Pentesting

Join our unique and growing pen-testing company and showcase your talent. We’re seeking skilled pen-testers who stand out from the crowd, apply here now!

What Is A Penetration Test 1
Pentesting

You can now explore the purpose and process of penetration tests (pen-tests), authorised simulated cyber-attacks that assess the security of computer systems.

What Is A Penetration Test
Pentesting

What is a penetration test and why should I get one? A penetration test (aka pen-test), is an authorised simulated

Pain
Pentesting

Discover effective strategies to streamline and simplify penetration testing. Learn how to alleviate the complexities for a more efficient testing process.

3
Vulnerabilities & Hacking

Smishing, a form of cyber-attack that uses SMS messages to deceive victims, is on the rise. By exploiting human trust,

Pentesting

Maximise your pentest impact with OnSecurity’s guide on leveraging reports to enhance your security posture and confidently and quickly share results

Retail Cybersecurity
News and Industry Trends

Many retailers face rising cyber threats. Discover key challenges and practical solutions to protect systems, data, and customer trust.

Vulnerabilities & Hacking

Exploring Cloud Security: Risks, Regulations & Remedies. Learn from incidents & strategies for robust cloud protection in an evolving digital landscape.

Vulnerabilities & Hacking

Discover how to mitigate financial risks from subdomain takeovers. Learn strategies to safeguard against reputational damage and data breaches.

Ssdlc Deep Dive
Vulnerabilities & Hacking

Explore SSDLC stages: From planning to deployment. Learn how to secure web apps effectively with OnSecurity’s solutions.

Cloud Security Challenges For Businesses
Vulnerabilities & Hacking

How Can Businesses Overcome Cloud Security Challenges? The rapid global shift to cloud computing continues to gather momentum, and with

12
Vulnerabilities & Hacking

Defining Cybercrime What do you imagine when you think of a cybercriminal? Do you envision an erratic, reactive hacker, randomly

Nist Banner
Vulnerabilities & Hacking

Explore the intricacies of this vital framework designed to fortify businesses against diverse cyber threats. Core principles and actionable guidance.

Typosquatting
Vulnerabilities & Hacking

The risks of typosquatting and its implications for online security. Explore cybercriminal tactics, real-world cases, and protective measures for your brand.

Cover 10
Vulnerabilities & Hacking

Radar by OnSecurity: an advanced tool for threat intelligence. Learn its role in enhancing security, achieving ISO certifications, and prioritizing threats.

Stickynotes
Vulnerabilities & Hacking

The best practices with OnSecurity’s cyber security checklist 2023. Identify crucial steps to protect data and systems from unauthorised access and threats.

Saas1
Vulnerabilities & Hacking

Understanding the importance of cybersecurity for SaaS companies. Explore the awareness of threats and proactive measures to safeguard data and systems.

What Is A Pentest
Vulnerabilities & Hacking

Is your business an easy target for hackers? A penetration test is the best way to know for sure. What

Typosquat Blog Header
Vulnerabilities & Hacking

Dispelling misconceptions about cyber attack targets: Modern cybercrime is a complex, sophisticated industry. Gain insights into the evolving threat landscape.

What Is A Pentest 1
Vulnerabilities & Hacking

Discover the essence of a penetration test (pentest) and its necessity. Get the answers to why you might require this crucial cybersecurity assessment.

Vulnerability Scanning
Vulnerabilities & Hacking

Vulnerability Scanning isn’t rocket science; anyone with an internet connection and device can search for and find a tool within

Vulnerability Scanning 1
Vulnerabilities & Hacking

Delve into effective vulnerability scanning strategy and adopt best practices. This guide offers a very comprehensive understanding of the role they play.

Digger Drill
Vulnerabilities & Hacking

New report reveals increasing cyber threats to drilling rigs, potentially leading to severe safety incidents. Understand the emerging vulnerabilities.

Cybersecurity Randsomware
Vulnerabilities & Hacking

Here we delve into the evolution of ransomware with OnSecurity’s article on Triple Extortion tactics that threaten not just data, but a company’s reputation

Zero Day
Vulnerabilities & Hacking

CVE-2021-44228: A new high-profile zero-day vulnerability affecting a large number of Java applications through a vulnerable version of the widely-used library Apache log4j.

Phishing Biggest Cyber Threat
Vulnerabilities & Hacking

New research shows the prevalence of email phishing as the top cyber threat, tricking firms into revealing information through reputable sender disguises.

Who Does Social Engineering Target 1
Vulnerabilities & Hacking

Explore the rise of social engineering threats. Understand how individuals are manipulated to divulge sensitive information, passwords, and financial details.

Who Does Social Engineering Target
Vulnerabilities & Hacking

Protecting the data, valuables and account information related to your business has become even more vital as our workplaces have

Macbook
Vulnerabilities & Hacking

Apple claims that its Mac computers are well protected by in-built antivirus features, and there is no need to worry about extra security – how true is this?

Method Confusion
Vulnerabilities & Hacking

Delve into OnSecurity’s research on Go’s server-side template injection vulnerabilities, revealing potential for file reads and RCE exploits. Read more now.

Hoth
Vulnerabilities & Hacking

This post explores each of the initial compromise methods for the TryHackMe x HackerOne CTF, diving into the web security flaws and PHP tricks abused to gain access to the host webserver.

Laptop Hacker Money Padlock
Vulnerabilities & Hacking

Learn 3 essential steps to enhance your cybersecurity posture, and effectively mitigate emerging zero-day vulnerabilities for comprehensive threat protection.

What Is A Zero Day Exploit
Vulnerabilities & Hacking

Explore the challenge of vulnerabilities exploited before fixes. Learn how to address security gaps and protect against threats in this insightful discussion.

Cyber Attack Malware Virus
Vulnerabilities & Hacking

Here you can discover the history and impact of MyDoom, the fastest spreading and most damaging computer virus to date, on OnSecurity’s informative blog post

Cover 18
Vulnerabilities & Hacking

Do you suspect a phishing attempt? Explore this guide for actionable steps on what to do next. Get assistance in handling potential phishing incidents.

Cve Hunting In An Open Source Application
Vulnerabilities & Hacking

CVE hunting within open-source applications – invaluable insights for identifying vulnerabilities, ensuring robust security in open-source software.

Cover 13
Vulnerabilities & Hacking

Dive deeper into Spear Phishing, a sophisticated cyber attack targeting specific individuals to gain unauthorized access to confidential data and files.

Cover 8
Vulnerabilities & Hacking

Recruitment companies are a prime target for hackers. We go over the main aspects that recruitment companies should be careful of with their cybersecurity.

Cover 15
Vulnerabilities & Hacking

Learn proactive cyber threat prevention through threat modeling. Discover how to anticipate and mitigate security incidents before they occur with this guide.

Cover 1
Vulnerabilities & Hacking

Phishing, a cyber-crime that targets victims through email, has become the most common form of online attack. Hackers will attempt

6 Ways To Spot A Phishing Email 1
Vulnerabilities & Hacking

Safeguard your inbox against cyber threats. Explore our expert insights on spotting and avoiding phishing attempts to enhance your online security strategy.

Cover 4
Vulnerabilities & Hacking

7 effective strategies to improve your company’s security. Discover actionable steps to fortify your defences against cyber threats and safeguard your business.

Cover 9
Vulnerabilities & Hacking

Craig has delved into his research on CVE-2019-11510, uncovering over 736 vulnerable hosts and sharing insights on this critical cybersecurity threat.

Cover 14
Vulnerabilities & Hacking

Explore the financial implications of data breaches, a frequent occurrence in today’s digital world. Learn about the actual costs behind a data breach.

Cover 2
Vulnerabilities & Hacking

Recently I was tasked to conduct an external infrastructure penetration test against a select few IP addresses of a certain

Cover 17
Vulnerabilities & Hacking

Uncover the mechanics of ransomware and prevention strategies to safeguard your network against cybercriminal tactics with OnSecurity’s expert insights

Careless With Curl Dont Be
Vulnerabilities & Hacking

Gain insight and learn responsible cURL usage and secure scripting practices in this essential OnSecurity blog on web requests and data transfers. Read now.

What Is Social Engineering 1
Vulnerabilities & Hacking

A Penetration Testing Pro shows how social engineering works in the real world. Hackers’ techniques, real-life examples and practical tips on staying safe.

What Is Social Engineering
Vulnerabilities & Hacking

Social Engineering – Definition Social Engineering is the name given to the behavioural techniques that cybercriminals use to manipulate their

List
Vulnerabilities & Hacking

Discover the challenges of managing extensive database audits and our innovative solution using Elasticsearch, a custom Node tool, and PostgreSQL triggers.

What Is Spear Phishing
Vulnerabilities & Hacking

What’s the difference between Spear Phishing and regular spam? Unlike regular phishing emails which are sent out to masses of

Rapid7S Project Sonar2
Vulnerabilities & Hacking

Discover the process and insights behind making Rapid7’s Project Sonar accessible and searchable. Explore the journey within cybersecurity now.

Gain Access To Burp Collaborator Sessions
Vulnerabilities & Hacking

Discover how to use Burp Suite Collaborator persistently for enhanced cybersecurity testing. Now it’s possible to leverage this tool more effectively.

What Is Email Phishing
Vulnerabilities & Hacking

Get insights into email phishing from an Ethical Hacking Veteran. Learn common tactics with real-world examples and practical tips for businesses & individuals.

Abusing Kerberos From Linux
Vulnerabilities & Hacking

Explore Kerberos abuse techniques on Linux with our comprehensive guide. Delve into the available tools and methods for effective Kerberos exploitation.

Buffer Overflow Easy Chat Server 31
Vulnerabilities & Hacking

Explore the buffer overflow vulnerability in Easy Chat Server 3.1. Gain insights into this security issue and how to successfully mitigate these risks.

Sever Side Template Injection With Jinja2
Vulnerabilities & Hacking

Join Gus on a deep dive into crafting Jinja2 SSTI payloads from scratch. Explore bypass methods and various exploitation techniques in this insightful post.

Screenshot 2025 08 18 At 16.20.50
Pentesting

Maximise your pentest impact with OnSecurity’s guide on leveraging reports to enhance your security posture and confidently and quickly share results

News and Industry Trends

Join Gus on a deep dive into crafting Jinja2 SSTI payloads from scratch. Explore bypass methods and various exploitation techniques in this insightful post.

News and Industry Trends

Understand the Power of Secure Code: Enhance Business Security with Proactive Code Audits. Discover vulnerabilities, ensure compliance, and build trust.

News and Industry Trends

Roles in software engineering are becoming more popular with advances in technology and require a key set of skills. Here we run through how to become a software engineer

News and Industry Trends

Learn about spoofing in cyber security, how it works, common types, and how businesses can detect and protect against this growing cyber threat.

News and Industry Trends

Learn how OnSecurity evolved from the vision of a few founders to an industry-leading pentest provider, as shared by one of its founding members.

News and Industry Trends

Learn how iOS penetration testing uncovers vulnerabilities in your mobile apps, ensuring robust security and protecting user data on Apple devices.

News and Industry Trends

What are the differences between ISO 27001 and SOC 2, Type 2? How can I choose the right cybersecurity framework for my organisation?

News and Industry Trends

Ensure your Open Banking APIs meet regulatory standards with robust security testing. Learn key methods, risks, and compliance best practices.

News and Industry Trends

Discover the risks of using unsecured WiFi and learn effective strategies to protect your data. Read more to safeguard your online security today.

News and Industry Trends

Discover the top 10 fintech app security vulnerabilities found in 2025, plus practical fixes to help your team improve security and reduce cyber risk.

Retail Cybersecurity
News and Industry Trends

Many retailers face rising cyber threats. Discover key challenges and practical solutions to protect systems, data, and customer trust.

Vulnerabilities & Hacking

Find out why you need to protect your business against zero-click malware. Discover the best ways to defend your business against attacks.

Vulnerabilities & Hacking

Learn what MFA fatigue is, why it poses a security risk, and discover practical steps businesses can take to prevent and mitigate it effectively.

Vulnerabilities & Hacking

Learn how to build effective cybersecurity policies for your small business. Practical steps to protect data, ensure compliance & reduce risks.

Vulnerabilities & Hacking

Discover how enterprise businesses can tackle remote working cybersecurity risks with pentesting, clear policies, and training.

Vulnerabilities & Hacking

Discover 5 effective ways to protect your business from deepfake scams, including employee training, testing processes, and AI-generated content detection.

Vulnerabilities & Hacking

Learn about brute force attacks in cyber security, how they work, types, signs to watch for, and ways to protect systems from unauthorised access and potential data breaches.

What Is A Brute Force Attack In Cyber Security?
News and Industry Trends

Learn about brute force attacks in cyber security, how they work, types, signs to watch for, and ways to protect systems from unauthorised access and potential data breaches.

News and Industry Trends

From doctor to pentester: Archana Singh’s inspiring journey into cybersecurity shows how passion and resilience can shape new careers.

News and Industry Trends

Explore the journeys of women in cybersecurity at OnSecurity, with insights from Product Manager Beth Watts on navigating and thriving in tech.

Pentesting

Explore OnSecurity’s services and products for enhancing your organisation’s security posture. Understand the importance of SOC 2 compliance requirements.

News and Industry Trends

Discover the purpose of PCI DSS: securing card payments. OnSecurity offers PCI segmentation pentesting for businesses, ensuring a secure payment environment.

Pentesting

Unravel the essentials of ISO 27001 certification in this blog. Explore critical insights and guidelines for a robust security management system.

Vulnerabilities & Hacking

Explore the intricacies of this vital framework designed to fortify businesses against diverse cyber threats. Core principles and actionable guidance.

News and Industry Trends

The risks of typosquatting and its implications for online security. Explore cybercriminal tactics, real-world cases, and protective measures for your brand.

A Blue Banner Reading "Introducing The Threat Intelligence Tool By OnSecurity"
News and Industry Trends

Radar by OnSecurity: an advanced tool for threat intelligence. Learn its role in enhancing security, achieving ISO certifications, and prioritising threats

News and Industry Trends

Understand the Power of Secure Code: Enhance Business Security with Proactive Code Audits. Discover vulnerabilities, ensure compliance, and build trust.

News and Industry Trends

Discover how we exploited an SSRF vulnerability in a web application to acquire API credentials and access AWS S3 buckets, showcasing cybersecurity risks.

News and Industry Trends

Emphasising a critical cybersecurity practice: Avoid relying only on client-side measures for key security functions, and explore stronger alternatives.

6 Ways To Spot A Phishing Email
Vulnerabilities & Hacking

Phishing emails are very common. They are spam emails that land in your inbox or junk folder that imitate a

What Is Email Phishing
Vulnerabilities & Hacking

What is Email Phishing a Definition ‘Phishing’ is a cyberattack in which email is the weapon. Victims are tricked into

Back To Basics Secure Your Startup
Vulnerabilities & Hacking

Protect your startup from threats with 7 key security tips. Expert insights to fortify your business against cyber threats and protect your startup’s IT

Back To Basics Make Yourself More Secure
Vulnerabilities & Hacking

Explore these practical cybersecurity steps with OnSecurity’s guide. Make digital safety simple with seven effective measures to protect against hackers
