OnSecurity's Latest Articles, News and Industry Tips
Security should be important to everyone. Our blog features articles regarding your business’ security and different aspects to consider.
Smishing, a form of cyber-attack that uses SMS messages to deceive victims, is on the rise. By exploiting human trust,
Mobile devices are firmly embedded as a huge part of daily life, and therefore making sure Android apps and devices
Cyber threats are evolving, and every business – large or small – faces potential risks. A single vulnerability in your
Cybercriminals are no longer targeting just the big players. In fact, small businesses are firmly in their sights too. With
External penetration testing methodology: what is it and how does it work? External penetration testing is a crucial cybersecurity measure
2024 has been a transformative year for the OnSecurity team, marked by progress and significant milestones. To celebrate the company’s
Ethical hacking and penetration testing are essential cybersecurity practices that uncover security vulnerabilities by simulating attacks on an organisation’s network.
Sometimes referred to as ‘internal infrastructure tests’, or ‘internal network tests’, internal penetration tests are the backbone of any thorough
The term “penetration testing” or “pentesting” might be familiar, but the different types available—and how each can enhance your business’s
Enforceable by January 2025, the EU’s Digital Operational Resilience Act (DORA) introduces a landmark EU regulation framework, designed to help
Firewall penetration testing is a method of locating, scoping, and penetrating a specific firewall to test an organisation’s network infrastructure.
External and internal penetration testing both exist as part of a broader cybersecurity strategy, supporting organisations in pinpointing vulnerabilities through
Penetration testing is a crucial investment in your organisation’s cybersecurity, but understanding the associated costs can be challenging. While there’s
ISO 27001 and SOC 2, Type 2 are two of the most prominent regulatory frameworks in the cybersecurity industry. While
In the blink of an eye, artificial intelligence and emerging technology are shattering the old rules of cybersecurity, rendering traditional
Maximise your pentest impact with OnSecurity’s guide on leveraging reports to enhance your security posture and confidently and quickly share
Many retailers face rising cyber threats. Discover key challenges and practical solutions to protect systems, data, and customer trust.
Discover what the Digital Operational Resilience Act (DORA) means for cybersecurity in the financial sector. Learn the compliance requirements, and
The investment will support the pentesting firm’s plans for rapid growth and innovation as well as R&D for the pentesting
Discover how to mitigate financial risks from subdomain takeovers. Learn strategies to safeguard against reputational damage and data breaches.
Exploring Cloud Security: Risks, Regulations & Remedies. Learn from incidents & strategies for robust cloud protection in an evolving digital
Explore SSDLC stages: From planning to deployment. Learn how to secure web apps effectively with OnSecurity’s solutions.
What is Penetration Testing? Penetration Testing, otherwise known as “pentesting” or ethical hacking, is the beating heart of all good
How Can Businesses Overcome Cloud Security Challenges? The rapid global shift to cloud computing continues to gather momentum, and with
For National Coding Week, we reached out to some of our software developers at OnSecurity to hear their perspective on
Defining Cybercrime What do you imagine when you think of a cybercriminal? Do you envision an erratic, reactive hacker, randomly
Conor O’Neill is not your typical CEO. In 2023 he completed an Ironman marathon. He practises archery in his spare
With the rise of remote and flexible work policies, many employees have adopted cafes, libraries, and other public spaces as
Explore OnSecurity’s services and products for enhancing your organization’s security posture. Understand the importance of SOC 2 compliance requirements.
The risks of typosquatting and its implications for online security. Explore cybercriminal tactics, real-world cases, and protective measures for your
Radar by OnSecurity: an advanced tool for threat intelligence. Learn its role in enhancing security, achieving ISO certifications, and prioritizing
Highlighting a critical cybersecurity issue: Unauthorised access is inevitable wherever default credentials are used, underscoring the need for caution.
Discover now how our tester skillfully exploited multiple SQL injection vulnerabilities to extract valuable data from an application’s backend databases.
Learn about the key components of hybrid cloud security and the benefits and challenges of adopting a hybrid cloud environments
Explore the intricacies of this vital framework designed to fortify businesses against diverse cyber threats. Core principles and actionable guidance.
The best practices and essential strategies to fortify your cloud infrastructure, ensuring a robust security framework for your cloud-based operations.
Welcome to our Pentest Files blog series. Each blog post will present an interesting or dangerous finding one of our
A hybrid cloud security solution tries to combine the best of both worlds, with on-premises and cloud solutions being intertwined
Cloud-native security systems are transforming the way businesses protect their digital assets. Built for the cloud, these systems offer dynamic
Discover the purpose of PCI DSS: securing card payments. OnSecurity offers PCI segmentation pentesting for businesses, ensuring a secure payment
Maximise your pentest impact with OnSecurity’s guide on leveraging reports to enhance your security posture and confidently and quickly share
Discover the essence of a penetration test (pentest) and its necessity. Get the answers to why you might require this
Dispelling misconceptions about cyber attack targets: Modern cybercrime is a complex, sophisticated industry. Gain insights into the evolving threat landscape.
Understanding the importance of cybersecurity for SaaS companies. Explore the awareness of threats and proactive measures to safeguard data and
Uncover strategies for recognizing impending phishing attacks. This post details our proactive approach in warning a customer about a serious
Emphasizing a critical cybersecurity practice: Avoid relying only on client-side measures for key security functions, and explore stronger alternatives.
Here Tristan demonstrates how to reset any user’s password by altering the password reset functionality, revealing a crucial cybersecurity vulnerability.
Unveiling the risks of exposing AWS (amazon web services) keys, this article shares a real example from a recent pen
Explore our technique of using Server Side Request Forgery (SSRF) to successfully retrieve EC2 credentials, demonstrating advanced cybersecurity tactics.
Explore Docker’s security aspects: Understand how taking precautions is crucial to avoid vulnerabilities in this widely-used containerization platform.
The best practices with OnSecurity’s cyber security checklist 2023. Identify crucial steps to protect data and systems from unauthorised access
A simple bug in the ‘forgotten password’ mechanism led to a malicious takeover of an entire target application. Find out
Is your business an easy target for hackers? A penetration test is the best way to know for sure. What
Congratulations! You just completed your penetration test. You’ve read the report, planned your mitigation strategies, and started executing on the
Welcome to our Pentest Files blog series. Each blog post will present an interesting or dangerous finding one of our
Welcome to our Pentest Files blog series. Each blog post will present an interesting or dangerous finding one of our
Welcome to our Pentest Files blog series. Each blog post will present an interesting or dangerous finding one of our
Welcome to our Pentest Files blog series. Each blog post will present an interesting or dangerous finding one of our
Welcome to our Pentest Files blog series. Each blog post will present an interesting or dangerous finding one of our
Here we delve into the evolution of ransomware with OnSecurity’s article on Triple Extortion tactics that threaten not just data,
Delve into effective vulnerability scanning strategy and adopt best practices. This guide offers a very comprehensive understanding of the role
Discover why over half of UK businesses are hiring CISOs to combat cyber threats, with OnSecurity’s updated insights on the
New report reveals increasing cyber threats to drilling rigs, potentially leading to severe safety incidents. Understand the emerging vulnerabilities.
Explore how remote working can define an organisations agility and crisis response, all while also considering the potential risks associated
Discover crucial insights on the actively exploited Microsoft zero-day vulnerability. Protect your systems with expert advice and stay ahead of
Stay informed with the latest strategies tackling cybercrime as governments announce robust plans. Dive into the blog for crucial cybersecurity
Microsoft email servers are being targeted by hackers after a series of vulnerabilities were detailed at a computer security conference
Holyrood reports on the UK Government’s £700,000 fund initiative to expand the cyber security sector, signaling huge significant growth and
Delve into an overview of 2021’s significant data breaches. Explore the most notable incidents and learn from them for better
Vulnerability Scanning isn’t rocket science, anyone with an internet connection and device can search for and find a tool within
CVE-2021-44228: A new high profile zero-day vulnerability affecting large number of Java applications through a vulnerable version of the
Sony is a gigantic multipartite corporation that has been prone to multiple different types of hacks, find out why and
Google’s very impressive record: Zero successful phishing attacks on a massive workforce of 140,000+ employees. Discover their security success story.
New research shows the prevalence of email phishing as the top cyber threat, tricking firms into revealing information through reputable
Explore the risks businesses face with internet-stored data and the prevalent distrust in online security, highlighting the need for robust
“Online US retail giant Amazon has used its cloud operations to do a deal with the GCHQ, MI5, and MI6,
Catch Of The Week Did you know that Google has never been the victim of a successful phishing attack? Not bad for
Online US retail giant Amazon has used its cloud operations to do a deal with the GCHQ, MI5, and MI6, The
Welcome to our Pentest Files blog series. Each blog post will present an interesting or dangerous finding one of our
Explore the rise of social engineering threats. Understand how individuals are manipulated to divulge sensitive information, passwords, and financial details.
One of the biggest growing problems in computer security is the growing proliferation of cyberattacks which are far more open
Here you can discover the history and impact of MyDoom, the fastest spreading and most damaging computer virus to date,
Explore the challenge of vulnerabilities exploited before fixes. Learn how to address security gaps and protect against threats in this
The United Kingdom Government takes action to safeguard smart devices with new laws aimed at countering cyberattacks. Read the press
This post explores each of the initial compromise methods for the TryHackMe x HackerOne CTF. Diving into the web security
Dive into the alarming rise of Ryuk ransomware since 2018, which has accumulated over $150 million, showcasing its global financial
Explore the methods targeting LinkedIn users through phishing scams and gain insights into the everyday tactics used by cybercriminals to
Delve into the fascinating narrative of how a love letter altered the landscape of computer security perpetually. Uncover this tale
Delve into OnSecurity’s research on Go’s server-side template injection vulnerabilities, revealing potential for file reads and RCE exploits. Read more
Unravel the simplicity of gRPC with Project Crobat. Learn to streamline development with gRPC and empower your projects. Dive into
A compilation of tricks and checks for when a file upload is encountered in an offensive security test.
Apple claims that its Mac computers are well protected by in-built antivirus features, and there is no need to worry
A computer hacker in the US was able to gain access to the water system of Oldsmar in Florida and
The myths surrounding cloud security hesitancy. Gain clarity on common misconceptions and make informed decisions about cloud-based security solutions.
Learn 3 essential steps to enhance your cybersecurity posture, and effectively mitigate emerging zero-day vulnerabilities for comprehensive threat protection.
Because so much of life is carried out online these days, it’s essential that you take all the necessary steps
Protecting the data, valuables and account information related to your business has become even more vital as our workplaces have
Uncover the latest threat looming over government servers. The newfound vulnerability impacts Microsoft systems, leaving government infrastructures at risk.
Do you suspect a phishing attempt? Explore this guide for actionable steps on what to do next. Get assistance in
Vulnerability scans look for known vulnerabilities in your systems, while Penetration tests intend to exploit weaknesses in the architecture. How
We love using Clubhouse to helps us develop our security projects
Learn proactive cyber threat prevention through threat modeling. Discover how to anticipate and mitigate security incidents before they occur with
Dive deeper into Spear Phishing, a sophisticated cyber attack targeting specific individuals to gain unauthorized access to confidential data and
The continued impact of the pandemic has made working from home the new normal, rapidly accelerating digital transformation in companies
Craig has delved into his research on CVE-2019-11510, uncovering over 736 vulnerable hosts and sharing insights on this critical cybersecurity
Recruitment companies are a prime target for hackers. We go over the main aspects that recruitment companies should be careful
In this blog we uncover a huge data spill for Wishbone, revealing massive amounts of user data available for malicious
Uncovering what went wrong with TravelEx. Investigating ransomware designed to take over the network and block access to file networks.
CVE hunting within open-source applications – invaluable insights for identifying vulnerabilities, ensuring robust security in open-source software.
7 effective strategies to improve your company’s security. Discover actionable steps to fortify your defences against cyber threats and safeguard
Safeguard your inbox against cyber threats. Explore our expert insights on spotting and avoiding phishing attempts to enhance your online
The critical differences between a penetration test and a vulnerability scan are often misunderstood. While both processes work to protect
Phishing, a cyber-crime that targets victims through email, has become the most common form of online attack. Hackers will attempt
Launched in 2015, Wishbone is a social networking app that encourages users to have their say in comparisons of everything
Uncover the mechanics of ransomware and prevention strategies to safeguard your network against cybercriminal tactics with OnSecurity’s expert insights
Explore the financial implications of data breaches, a frequent occurrence in today’s digital world. Learn about the actual costs behind
What happened in 2014 when Sony became the victim of an attack? Explore how Wiper malware was deployed and crippled
Recently I was tasked to conduct an external infrastructure penetration test against a select few IP addresses of a certain
Preventing complacency in testers is crucial to ensuring you have a successful test. Learn about why an alert and proactive
Get insights into email phishing from an Ethical Hacking Veteran. Learn common tactics with real-world examples and practical tips for
Explore the future of pentest reports as we unveil the next-generation approach. Discover what’s on the horizon for cybersecurity assessments
Discover the challenges of managing extensive database audits and our innovative solution using Elasticsearch, a custom Node tool, and PostgreSQL
A Penetration Testing Pro shows how social engineering works in the real world. Hackers techniques, real-life examples and practical tips
Join Gus on a deep dive into crafting Jinja2 SSTI payloads from scratch. Explore bypass methods and various exploitation techniques
Discover how you use Burpsuite Collaborator persistently for enhanced cybersecurity testing. Now it’s possible to leverage this tool more effectively.
Join Gus, explore advanced techniques for detecting and exploiting SQL Injection vulnerabilities in PostgreSQL-based web applications, ensuring robust security.
Enforceable by January 2025, the EU’s Digital Operational Resilience Act (DORA) introduces a landmark EU regulation framework, designed to help
2024 has been a transformative year for the OnSecurity team, marked by progress and significant milestones. To celebrate the company’s
In the blink of an eye, artificial intelligence and emerging technology are shattering the old rules of cybersecurity, rendering traditional
ISO 27001 and SOC 2, Type 2 are two of the most prominent regulatory frameworks in the cybersecurity industry. While
Many retailers face rising cyber threats. Discover key challenges and practical solutions to protect systems, data, and customer trust.
The investment will support the pentesting firm’s plans for rapid growth and innovation as well as R&D for the pentesting platform
Discover what the Digital Operational Resilience Act (DORA) means for cybersecurity in the financial sector. Learn the compliance requirements, and how to prepare with penetration testing.
With the rise of remote and flexible work policies, many employees have adopted cafes, libraries, and other public spaces as
Conor O’Neill is not your typical CEO. In 2023 he completed an Ironman marathon. He practises archery in his spare
For National Coding Week, we reached out to some of our software developers at OnSecurity to hear their perspective on
A hybrid cloud security solution tries to combine the best of both worlds, with on-premises and cloud solutions being intertwined
Learn about the key components of hybrid cloud security and the benefits and challenges of adopting a hybrid cloud environments and setups in business.
Uncover strategies for recognizing impending phishing attacks. This post details our proactive approach in warning a customer about a serious fraud attempt.
Explore how remote working can define an organisations agility and crisis response, all while also considering the potential risks associated with it.
Holyrood reports on the UK Government’s £700,000 fund initiative to expand the cyber security sector, signaling huge significant growth and development.
Microsoft email servers are being targeted by hackers after a series of vulnerabilities were detailed at a computer security conference in August
Stay informed with the latest strategies tackling cybercrime as governments announce robust plans. Dive into the blog for crucial cybersecurity updates.
Discover why over half of UK businesses are hiring CISOs to combat cyber threats, with OnSecurity’s updated insights on the evolving role in cybersecurity
Delve into an overview of 2021’s significant data breaches. Explore the most notable incidents and learn from them for better data security practices.
Discover crucial insights on the actively exploited Microsoft zero-day vulnerability. Protect your systems with expert advice and stay ahead of cyber threats.
“Online US retail giant Amazon has used its cloud operations to do a deal with the GCHQ, MI5, and MI6, The Financial Times reports.
Google’s very impressive record: Zero successful phishing attacks on a massive workforce of 140,000+ employees. Discover their security success story.
Online US retail giant Amazon has used its cloud operations to do a deal with the GCHQ, MI5, and MI6, The
Catch Of The Week Did you know that Google has never been the victim of a successful phishing attack? Not bad for
Sony is a gigantic multipartite corporation that has been prone to multiple different types of hacks, find out why and how they improve their security posture
Explore the risks businesses face with internet-stored data and the prevalent distrust in online security, highlighting the need for robust protection.
Dive into the alarming rise of Ryuk ransomware since 2018, which has accumulated over $150 million, showcasing its global financial impact and danger.
A compilation of tricks and checks for when a file upload is encountered in an offensive security test.
Unravel the simplicity of gRPC with Project Crobat. Learn to streamline development with gRPC and empower your projects. Dive into our blog for insights!
The United Kingdom Government takes action to safeguard smart devices with new laws aimed at countering cyberattacks. Read the press release for details.
Delve into the fascinating narrative of how a love letter altered the landscape of computer security perpetually. Uncover this tale of technological evolution.
One of the biggest growing problems in computer security is the growing proliferation of cyberattacks which are far more open and threatening in nature.
The myths surrounding cloud security hesitancy. Gain clarity on common misconceptions and make informed decisions about cloud-based security solutions.
Explore the methods targeting LinkedIn users through phishing scams and gain insights into the everyday tactics used by cybercriminals to exploit you further.
A computer hacker in the US was able to gain access to the water system of Oldsmar in Florida and successfully increased the amount of sodium hydroxide.
Uncover the latest threat looming over government servers. The newfound vulnerability impacts Microsoft systems, leaving government infrastructures at risk.
Uncovering what went wrong with TravelEx. Investigating ransomware designed to take over the network and block access to file networks.
In this blog we uncover a huge data spill for Wishbone, revealing massive amounts of user data available for malicious actors to share and exploit.
The continued impact of the pandemic has made working from home the new normal, rapidly accelerating digital transformation in companies
We love using Clubhouse to helps us develop our security projects
Launched in 2015, Wishbone is a social networking app that encourages users to have their say in comparisons of everything
What happened in 2014 when Sony became the victim of an attack? Explore how Wiper malware was deployed and crippled the large corporation’s network.
Defend against BlueKeep’s looming threats. Insights on securing systems from potential widespread attacks. This blog will help you stay informed of threats.
Preventing complacency in testers is crucial to ensuring you have a successful test. Learn about why an alert and proactive testing approach is essential.
Join Gus on a deep dive into crafting Jinja2 SSTI payloads from scratch. Explore bypass methods and various exploitation techniques in this insightful post.
Understand the Power of Secure Code: Enhance Business Security with Proactive Code Audits. Discover vulnerabilities, ensure compliance, and build trust.
Roles in software engineering are becoming more popular with advances in technology and require a key set of skills. Here we run through how to become a software engineer
Learn about spoofing in cyber security, how it works, common types, and how businesses can detect and protect against this growing cyber threat.
Learn how OnSecurity evolved from the vision of a few founders to an industry-leading pentest provider, as shared by one of its founding members.
Learn how iOS penetration testing uncovers vulnerabilities in your mobile apps, ensuring robust security and protecting user data on Apple devices.
What are the differences between ISO 27001 and SOC 2, Type 2? How can I choose the right cybersecurity framework for my organisation?
Ensure your Open Banking APIs meet regulatory standards with robust security testing. Learn key methods, risks, and compliance best practices.
Discover the risks of using unsecured WiFi and learn effective strategies to protect your data. Read more to safeguard your online security today.
Discover the top 10 fintech app security vulnerabilities found in 2025, plus practical fixes to help your team improve security and reduce cyber risk.
Learn the essentials of hashing in cyber security, its importance, and practical applications. Discover how it protects data integrity—read more now!
Ensure secure fintech mergers with penetration testing best practices. Learn how to reduce risk, protect data, and support due diligence during M&A deals.
Discover the true cost of a retail data breach and why regular penetration testing is a smart, ROI-positive investment, not just a compliance requirement.
Understand the most common high-impact penetration testing findings that OnSecurity’s testers discover and the steps to take to remediate them.
Many retailers face rising cyber threats. Discover key challenges and practical solutions to protect systems, data, and customer trust.
Protect your small business with our 7 essential cybersecurity tips. Learn about employee training, system updates, penetration testing, and MFA to safeguard against cyber threats and financial losses.
Discover how AI is transforming enterprise cybersecurity with smarter threat detection, proactive defence, and pentest automation.
Understanding the importance of cybersecurity for SaaS companies. Explore the awareness of threats and proactive measures to safeguard data and systems.
Duncan Butchart, VP of Sales at OnSecurity, shares insights into his 25-year career journey, the evolution of the cybersecurity industry, and how OnSecurity stands out with its expert team and customer-centric approach.
Learn what quishing is, how it works, and why it’s a major threat to businesses. Protect your data with OnSecurity’s penetration testing services.
Learn about brute force attacks in cyber security, how they work, types, signs to watch for, and ways to protect systems from unauthorised access and potential data breaches.
Ransomware can cripple businesses by locking critical data and demanding payment. Learn what ransomware is, how it works, and how penetration testing can help prevent attacks.
Protect your business from phishing scams with these 5 essential tips. Learn how to avoid phishing attacks and safeguard your data from cybercriminals.
What are the differences between ISO 27001 and SOC 2, Type 2? How can I choose the right cybersecurity framework for my organisation?
Learn the key differences between penetration testing and vulnerability scanning. Understand when to use each method for optimal cybersecurity protection.
From doctor to pentester: Archana Singh’s inspiring journey into cybersecurity shows how passion and resilience can shape new careers.
Explore the journeys of women in cybersecurity at OnSecurity, with insights from Product Manager Beth Watts on navigating and thriving in tech.
OnSecurity’s CEO emphasises a merit-based hiring approach, career development, and life/work balance. By nurturing talent, fostering a supportive workplace, and offering flexibility, OnSecurity has boosted productivity and employee satisfaction.
Learn how Mike Oram, VP of engineering at OnSecurity, taught himself coding, and how to navigate coding in the age of AI.
Explore API pen testing, its benefits, common vulnerabilities, and best practices to strengthen your business’s security posture.
Discover the purpose of PCI DSS: securing card payments. OnSecurity offers PCI segmentation pentesting for businesses, ensuring a secure payment environment.
The risks of typosquatting and its implications for online security. Explore cybercriminal tactics, real-world cases, and protective measures for your brand.
Radar by OnSecurity: an advanced tool for threat intelligence. Learn its role in enhancing security, achieving ISO certifications, and prioritising threats
Understand the Power of Secure Code: Enhance Business Security with Proactive Code Audits. Discover vulnerabilities, ensure compliance, and build trust.
Discover how we exploited a SSRF vulnerability in a web application to acquire API credentials and access AWS S3 buckets, showcasing cybersecurity risks.
Emphasising a critical cybersecurity practice: Avoid relying only on client-side measures for key security functions, and explore stronger alternatives.
Discover OnSecurity’s innovative approach to penetration testing. Our client-collaborative efforts have streamlined booking to just 5 minutes for efficiency.
Experience real-time communication with your penetration test testers during the testing process for enhanced collaboration and continuous timely updates.
Look into IT Security through the eyes of a pen-tester. We’ll uncover the inner workings and provide in-depth insights for a comprehensive understanding.
Unveiling the origins of the first PC virus prank. Dive into the history of pioneering cyber mischief and understand the Elk Cloner Virus in OnSecurity’s blog.
The term “penetration testing” or “pentesting” might be familiar, but the different types available—and how each can enhance your business’s
Sometimes referred to as ‘internal infrastructure tests’, or ‘internal network tests’, internal penetration tests are the backbone of any thorough
Ethical hacking and penetration testing are essential cybersecurity practices that uncover security vulnerabilities by simulating attacks on an organisation’s network.
External penetration testing methodology: what is it and how does it work? External penetration testing is a crucial cybersecurity measure
Cybercriminals are no longer targeting just the big players. In fact, small businesses are firmly in their sights too. With
Cyber threats are evolving, and every business – large or small – faces potential risks. A single vulnerability in your
Mobile devices are firmly embedded as a huge part of daily life, and therefore making sure Android apps and devices
Penetration testing is a crucial investment in your organisation’s cybersecurity, but understanding the associated costs can be challenging. While there’s
External and internal penetration testing both exist as part of a broader cybersecurity strategy, supporting organisations in pinpointing vulnerabilities through
Firewall penetration testing is a method of locating, scoping, and penetrating a specific firewall to test an organisation’s network infrastructure.
Maximise your pentest impact with OnSecurity’s guide on leveraging reports to enhance your security posture and confidently and quickly share results
What is Penetration Testing? Penetration Testing, otherwise known as “pentesting” or ethical hacking, is the beating heart of all good
The best practices and essential strategies to fortify your cloud infrastructure, ensuring a robust security framework for your cloud-based operations.
Explore OnSecurity’s services and products for enhancing your organization’s security posture. Understand the importance of SOC 2 compliance requirements.
Cloud-native security systems are transforming the way businesses protect their digital assets. Built for the cloud, these systems offer dynamic
Welcome to our Pentest Files blog series. Each blog post will present an interesting or dangerous finding one of our
Discover now how our tester skillfully exploited multiple SQL injection vulnerabilities to extract valuable data from an application’s backend databases.
Highlighting a critical cybersecurity issue: Unauthorised access is inevitable wherever default credentials are used, underscoring the need for caution.
Discover the purpose of PCI DSS: securing card payments. OnSecurity offers PCI segmentation pentesting for businesses, ensuring a secure payment environment.
A simple bug in the ‘forgotten password’ mechanism led to a malicious takeover of an entire target application. Find out how this was fixed and secured.
Maximise your pentest impact with OnSecurity’s guide on leveraging reports to enhance your security posture and confidently and quickly share results
Welcome to our Pentest Files blog series. Each blog post will present an interesting or dangerous finding one of our
Welcome to our Pentest Files blog series. Each blog post will present an interesting or dangerous finding one of our
Explore Docker’s security aspects: Understand how taking precautions is crucial to avoid vulnerabilities in this widely-used containerization platform.
Explore our technique of using Server Side Request Forgery (SSRF) to successfully retrieve EC2 credentials, demonstrating advanced cybersecurity tactics.
Welcome to our Pentest Files blog series. Each blog post will present an interesting or dangerous finding one of our
Unveiling the risks of exposing AWS (amazon web services) keys, this article shares a real example from a recent pen test conducted by our expert testers.
Welcome to our Pentest Files blog series. Each blog post will present an interesting or dangerous finding one of our
Here Tristan demonstrates how to reset any user’s password by altering the password reset functionality, revealing a crucial cybersecurity vulnerability.
Welcome to our Pentest Files blog series. Each blog post will present an interesting or dangerous finding one of our
Congratulations! You just completed your penetration test. You’ve read the report, planned your mitigation strategies, and started executing on the
Emphasizing a critical cybersecurity practice: Avoid relying only on client-side measures for key security functions, and explore stronger alternatives.
Welcome to our Pentest Files blog series. Each blog post will present an interesting or dangerous finding one of our
Because so much of life is carried out online these days, it’s essential that you take all the necessary steps
The critical differences between a penetration test and a vulnerability scan are often misunderstood. While both processes work to protect
Vulnerability scans look for known vulnerabilities in your systems, while Penetration tests intend to exploit weaknesses in the architecture. How To Do….
Join Gus, explore advanced techniques for detecting and exploiting SQL Injection vulnerabilities in PostgreSQL-based web applications, ensuring robust security.
Explore the future of pentest reports as we unveil the next-generation approach. Discover what’s on the horizon for cybersecurity assessments and reporting.
Effortlessly obtain a penetration testing quote online without sales calls. Experience a streamlined, hassle-free process for your cybersecurity needs.
This post revolves around general analysis, exploitation and discovery of SQL Injection vulnerabilities in app using the Postgres DMBS. We
Maximise your pentest impact with OnSecurity’s guide on leveraging reports to enhance your security posture and confidently and quickly share results
Join Gus on a deep dive into crafting Jinja2 SSTI payloads from scratch. Explore bypass methods and various exploitation techniques in this insightful post.
Understand the Power of Secure Code: Enhance Business Security with Proactive Code Audits. Discover vulnerabilities, ensure compliance, and build trust.
Roles in software engineering are becoming more popular with advances in technology and require a key set of skills. Here we run through how to become a software engineer
Learn about spoofing in cyber security, how it works, common types, and how businesses can detect and protect against this growing cyber threat.
Learn how OnSecurity evolved from the vision of a few founders to an industry-leading pentest provider, as shared by one of its founding members.
Learn how iOS penetration testing uncovers vulnerabilities in your mobile apps, ensuring robust security and protecting user data on Apple devices.
What are the differences between ISO 27001 and SOC 2, Type 2? How can I choose the right cybersecurity framework for my organisation?
Ensure your Open Banking APIs meet regulatory standards with robust security testing. Learn key methods, risks, and compliance best practices.
Discover the top 10 fintech app security vulnerabilities found in 2025, plus practical fixes to help your team improve security and reduce cyber risk.
Learn the essentials of hashing in cyber security, its importance, and practical applications. Discover how it protects data integrity—read more now!
Ensure secure fintech mergers with penetration testing best practices. Learn how to reduce risk, protect data, and support due diligence during M&A deals.
Discover how often different industries may need to complete penetration testing to keep their businesses secure. Uncover which factors affect pentesting frequency.
Discover the true cost of a retail data breach and why regular penetration testing is a smart, ROI-positive investment, not just a compliance requirement.
Understand the most common high-impact penetration testing findings that OnSecurity’s testers discover and the steps to take to remediate them.
Discover the top 5 CREST-accredited penetration testing service providers in the UK, and find out what sets them apart. Uncover the best penetration testing services for your business.
Penetration tester Leonard Matara shares key insights on pentest pitfalls, security strategy, and the need for continuous testing.
Learn what quishing is, how it works, and why it’s a major threat to businesses. Protect your data with OnSecurity’s penetration testing services.
Discover how AI-powered penetration testing enhances traditional methods, boosts efficiency, and strengthens your security posture, combining human expertise with automation for smarter protection.
Learn how to save time and money on penetration testing with expert tips to balance cost, quality, and security.
Enhance your security posture with essential practices for effective pentest orchestration. Discover strategies that streamline processes and support your organisation.
Ransomware can cripple businesses by locking critical data and demanding payment. Learn what ransomware is, how it works, and how penetration testing can help prevent attacks.
What are the differences between ISO 27001 and SOC 2, Type 2? How can I choose the right cybersecurity framework for my organisation?
Learn the key differences between penetration testing and vulnerability scanning. Understand when to use each method for optimal cybersecurity protection.
Discover the differences between ethical hacking and penetration testing, how they protect your business from cyber threats, and when to choose each for security assessments.
Explore API pen testing, its benefits, common vulnerabilities, and best practices to strengthen your business’s security posture.
Explore OnSecurity’s services and products for enhancing your organisation’s security posture. Understand the importance of SOC 2 compliance requirements.
Unravel the essentials of ISO 27001 certification in this blog. Explore critical insights and guidelines for a robust security management system.
Radar by OnSecurity: an advanced tool for threat intelligence. Learn its role in enhancing security, achieving ISO certifications, and prioritising threats
Understand the Power of Secure Code: Enhance Business Security with Proactive Code Audits. Discover vulnerabilities, ensure compliance, and build trust.
Discover how we exploited a SSRF vulnerability in a web application to acquire API credentials and access AWS S3 buckets, showcasing cybersecurity risks.
Emphasising a critical cybersecurity practice: Avoid relying only on client-side measures for key security functions, and explore stronger alternatives.
Join our unique and growing pen-testing company and showcase your talent. We’re seeking skilled pen-testers who stand out from the crowd, apply here now!
You can now explore the purpose and process of penetration tests (pen-tests), authorised simulated cyber-attacks that assess the security of computer systems.
What is a penetration test and why should I get one? A penetration test (aka pen-test), is an authorised simulated
Discover effective strategies to streamline and simplify penetration testing. Learn how to alleviate the complexities for a more efficient testing process.
Smishing, a form of cyber-attack that uses SMS messages to deceive victims, is on the rise. By exploiting human trust,
Maximise your pentest impact with OnSecurity’s guide on leveraging reports to enhance your security posture and confidently and quickly share results
Many retailers face rising cyber threats. Discover key challenges and practical solutions to protect systems, data, and customer trust.
Exploring Cloud Security: Risks, Regulations & Remedies. Learn from incidents & strategies for robust cloud protection in an evolving digital landscape.
Discover how to mitigate financial risks from subdomain takeovers. Learn strategies to safeguard against reputational damage and data breaches.
Explore SSDLC stages: From planning to deployment. Learn how to secure web apps effectively with OnSecurity’s solutions.
How Can Businesses Overcome Cloud Security Challenges? The rapid global shift to cloud computing continues to gather momentum, and with
Defining Cybercrime What do you imagine when you think of a cybercriminal? Do you envision an erratic, reactive hacker, randomly
Explore the intricacies of this vital framework designed to fortify businesses against diverse cyber threats. Core principles and actionable guidance.
The risks of typosquatting and its implications for online security. Explore cybercriminal tactics, real-world cases, and protective measures for your brand.
Radar by OnSecurity: an advanced tool for threat intelligence. Learn its role in enhancing security, achieving ISO certifications, and prioritizing threats.
The best practices with OnSecurity’s cyber security checklist 2023. Identify crucial steps to protect data and systems from unauthorised access and threats.
Understanding the importance of cybersecurity for SaaS companies. Explore the awareness of threats and proactive measures to safeguard data and systems.
Is your business an easy target for hackers? A penetration test is the best way to know for sure. What
Dispelling misconceptions about cyber attack targets: Modern cybercrime is a complex, sophisticated industry. Gain insights into the evolving threat landscape.
Discover the essence of a penetration test (pentest) and its necessity. Get the answers to why you might require this crucial cybersecurity assessment.
Vulnerability Scanning isn’t rocket science, anyone with an internet connection and device can search for and find a tool within
Delve into effective vulnerability scanning strategy and adopt best practices. This guide offers a very comprehensive understanding of the role they play.
New report reveals increasing cyber threats to drilling rigs, potentially leading to severe safety incidents. Understand the emerging vulnerabilities.
Here we delve into the evolution of ransomware with OnSecurity’s article on Triple Extortion tactics that threaten not just data, but a companies reputation
CVE-2021-44228: A new high profile zero-day vulnerability affecting large number of Java applications through a vulnerable version of the widely-used library Apache log4j.
New research shows the prevalence of email phishing as the top cyber threat, tricking firms into revealing information through reputable sender disguises.
Explore the rise of social engineering threats. Understand how individuals are manipulated to divulge sensitive information, passwords, and financial details.
Protecting the data, valuables and account information related to your business has become even more vital as our workplaces have
Apple claims that its Mac computers are well protected by in-built antivirus features, and there is no need to worry about extra security – how true is this?
Delve into OnSecurity’s research on Go’s server-side template injection vulnerabilities, revealing potential for file reads and RCE exploits. Read more now.
This post explores each of the initial compromise methods for the TryHackMe x HackerOne CTF. Diving into the web security flaws and PHP tricks abused to gain access to the host webserver.
Learn 3 essential steps to enhance your cybersecurity posture, and effectively mitigate emerging zero-day vulnerabilities for comprehensive threat protection.
Explore the challenge of vulnerabilities exploited before fixes. Learn how to address security gaps and protect against threats in this insightful discussion.
Here you can discover the history and impact of MyDoom, the fastest spreading and most damaging computer virus to date, on OnSecurity’s informative blog post
Do you suspect a phishing attempt? Explore this guide for actionable steps on what to do next. Get assistance in handling potential phishing incidents.
CVE hunting within open-source applications – invaluable insights for identifying vulnerabilities, ensuring robust security in open-source software.
Dive deeper into Spear Phishing, a sophisticated cyber attack targeting specific individuals to gain unauthorized access to confidential data and files.
Recruitment companies are a prime target for hackers. We go over the main aspects that recruitment companies should be careful of with their CyberSecurity
Learn proactive cyber threat prevention through threat modeling. Discover how to anticipate and mitigate security incidents before they occur with this guide.
Phishing, a cyber-crime that targets victims through email, has become the most common form of online attack. Hackers will attempt
Safeguard your inbox against cyber threats. Explore our expert insights on spotting and avoiding phishing attempts to enhance your online security strategy.
7 effective strategies to improve your company’s security. Discover actionable steps to fortify your defences against cyber threats and safeguard your business.
Craig has delved into his research on CVE-2019-11510, uncovering over 736 vulnerable hosts and sharing insights on this critical cybersecurity threat.
Explore the financial implications of data breaches, a frequent occurrence in today’s digital world. Learn about the actual costs behind a data breach.
Recently I was tasked to conduct an external infrastructure penetration test against a select few IP addresses of a certain
Uncover the mechanics of ransomware and prevention strategies to safeguard your network against cybercriminal tactics with OnSecurity’s expert insights
Gain insight and learn responsible cURL usage and secure scripting practices in this essential OnSecurity blog on web requests and data transfers. Read now.
A Penetration Testing Pro shows how social engineering works in the real world. Hackers techniques, real-life examples and practical tips on staying safe.
Social Engineering – Definition Social Engineering is the name given to the behavioural techniques that cybercriminals use to manipulate their
Discover the challenges of managing extensive database audits and our innovative solution using Elasticsearch, a custom Node tool, and PostgreSQL triggers.
What’s the difference between Spear Phishing and regular spam? Unlike regular phishing emails which are sent out to masses of
Discover the process and insights behind making Rapid7’s Project Sonar accessible and searchable. Explore the journey now within cybersecurity now.
Discover how you use Burpsuite Collaborator persistently for enhanced cybersecurity testing. Now it’s possible to leverage this tool more effectively.
Get insights into email phishing from an Ethical Hacking Veteran. Learn common tactics with real-world examples and practical tips for businesses & Individuals
Explore Kerberos abuse techniques on Linux with our comprehensive guide. Delve into the available tools and methods for effective Kerberos exploitation.
Explore the buffer overflow vulnerability in Easy Chat Server 3.1. Gain insights into this security issue and how to successfully these mitigate risks.
Join Gus on a deep dive into crafting Jinja2 SSTI payloads from scratch. Explore bypass methods and various exploitation techniques in this insightful post.
Maximise your pentest impact with OnSecurity’s guide on leveraging reports to enhance your security posture and confidently and quickly share results
Join Gus on a deep dive into crafting Jinja2 SSTI payloads from scratch. Explore bypass methods and various exploitation techniques in this insightful post.
Understand the Power of Secure Code: Enhance Business Security with Proactive Code Audits. Discover vulnerabilities, ensure compliance, and build trust.
Roles in software engineering are becoming more popular with advances in technology and require a key set of skills. Here we run through how to become a software engineer
Learn about spoofing in cyber security, how it works, common types, and how businesses can detect and protect against this growing cyber threat.
Learn how OnSecurity evolved from the vision of a few founders to an industry-leading pentest provider, as shared by one of its founding members.
Learn how iOS penetration testing uncovers vulnerabilities in your mobile apps, ensuring robust security and protecting user data on Apple devices.
What are the differences between ISO 27001 and SOC 2, Type 2? How can I choose the right cybersecurity framework for my organisation?
Ensure your Open Banking APIs meet regulatory standards with robust security testing. Learn key methods, risks, and compliance best practices.
Discover the risks of using unsecured WiFi and learn effective strategies to protect your data. Read more to safeguard your online security today.
Discover the top 10 fintech app security vulnerabilities found in 2025, plus practical fixes to help your team improve security and reduce cyber risk.
Many retailers face rising cyber threats. Discover key challenges and practical solutions to protect systems, data, and customer trust.
Find out why you need to protect your business against zero-click malware. Discover the best ways to defend your business against attacks.
Learn what MFA fatigue is, why it poses a security risk, and discover practical steps businesses can take to prevent and mitigate it effectively.
Learn how to build effective cybersecurity policies for your small business. Practical steps to protect data, ensure compliance & reduce risks.
Discover how enterprise businesses can tackle remote working cybersecurity risks with pentesting, clear policies, and training.
Discover 5 effective ways to protect your business from deepfake scams, including employee training, testing processes, and AI-generated content detection.
Learn about brute force attacks in cyber security, how they work, types, signs to watch for, and ways to protect systems from unauthorised access and potential data breaches.
Learn about brute force attacks in cyber security, how they work, types, signs to watch for, and ways to protect systems from unauthorised access and potential data breaches.
From doctor to pentester: Archana Singh’s inspiring journey into cybersecurity shows how passion and resilience can shape new careers.
Explore the journeys of women in cybersecurity at OnSecurity, with insights from Product Manager Beth Watts on navigating and thriving in tech.
Explore OnSecurity’s services and products for enhancing your organisation’s security posture. Understand the importance of SOC 2 compliance requirements.
Discover the purpose of PCI DSS: securing card payments. OnSecurity offers PCI segmentation pentesting for businesses, ensuring a secure payment environment.
Unravel the essentials of ISO 27001 certification in this blog. Explore critical insights and guidelines for a robust security management system.
Explore the intricacies of this vital framework designed to fortify businesses against diverse cyber threats. Core principles and actionable guidance.
The risks of typosquatting and its implications for online security. Explore cybercriminal tactics, real-world cases, and protective measures for your brand.
Radar by OnSecurity: an advanced tool for threat intelligence. Learn its role in enhancing security, achieving ISO certifications, and prioritising threats
Understand the Power of Secure Code: Enhance Business Security with Proactive Code Audits. Discover vulnerabilities, ensure compliance, and build trust.
Discover how we exploited a SSRF vulnerability in a web application to acquire API credentials and access AWS S3 buckets, showcasing cybersecurity risks.
Emphasising a critical cybersecurity practice: Avoid relying only on client-side measures for key security functions, and explore stronger alternatives.
Phishing emails are very common. They are spam emails that land in your inbox or junk folder that imitate a
What is Email Phishing a Definition ‘Phishing’ is a cyberattack in which email is the weapon. Victims are tricked into
Protect your startup from threat with 7 key security tips. Expert insights to fortify your business against cyber threats and protect your startup’s IT
Explore these practical cybersecurity steps with OnSecurity’s guide. Make digital safety simple with seven effective measures to protect against hackers
Ready to experience the future of pentesting?
Discover how combining expert insight with automation leads to faster, more precise, and high-impact penetration testing.