OnSecurity's Latest Articles, News and Industry Tips
Security should be important to everyone. Our blog features articles regarding your business’ security and different aspects to consider.
Dive deeper into Spear Phishing, a sophisticated cyber attack targeting specific individuals to gain unauthorized
The continued impact of the pandemic has made working from home the new normal, rapidly
Craig has delved into his research on CVE-2019-11510, uncovering over 736 vulnerable hosts and sharing
Recruitment companies are a prime target for hackers. We go over the main aspects that
In this blog we uncover a huge data spill for Wishbone, revealing massive amounts of
Uncovering what went wrong with TravelEx. Investigating ransomware designed to take over the network and
CVE hunting within open-source applications – invaluable insights for identifying vulnerabilities, ensuring robust security in
7 effective strategies to improve your company’s security. Discover actionable steps to fortify your defences
Safeguard your inbox against cyber threats. Explore our expert insights on spotting and avoiding phishing
Phishing, a cyber-crime that targets victims through email, has become the most common form of
Launched in 2015, Wishbone is a social networking app that encourages users to have their
Uncover the mechanics of ransomware and prevention strategies to safeguard your network against cybercriminal tactics
Explore the financial implications of data breaches, a frequent occurrence in today’s digital world. Learn
What happened in 2014 when Sony became the victim of an attack? Explore how Wiper
Recently I was tasked to conduct an external infrastructure penetration test against a select few
Defend against BlueKeep’s looming threats. Insights on securing systems from potential widespread attacks and common BlueKeep exploits. This blog will help you stay informed of threats.
Preventing complacency in testers is crucial to ensuring you have a successful test. Learn about why an alert and proactive testing approach is essential.
Join Gus on a deep dive into crafting Jinja2 SSTI payloads from scratch. Explore bypass methods and various exploitation techniques in this insightful post.
Understand the Power of Secure Code: Enhance Business Security with Proactive Code Audits. Discover vulnerabilities, ensure compliance, and build trust.
Roles in software engineering are becoming more popular with advances in technology and require a key set of skills. Here we run through how to become a software engineer
Learn about spoofing in cyber security, how it works, common types, and how businesses can detect and protect against this growing cyber threat.
Learn how OnSecurity evolved from the vision of a few founders to an industry-leading pentest provider, as shared by one of its founding members.
Learn how iOS penetration testing uncovers vulnerabilities in your mobile apps, ensuring robust security and protecting user data on Apple devices.
What are the differences between ISO 27001 and SOC 2, Type 2? How can I choose the right cybersecurity framework for my organisation?
Ensure your Open Banking APIs meet regulatory standards with robust security testing. Learn key methods, risks, and compliance best practices.
Discover the risks of using unsecured WiFi and learn effective strategies to protect your data. Read more to safeguard your online security today.
Discover the top 10 fintech app security vulnerabilities found in 2025, plus practical fixes to help your team improve security and reduce cyber risk.
Learn the essentials of hashing in cyber security, its importance, and practical applications. Discover how it protects data integrity—read more now!
Ensure secure fintech mergers with penetration testing best practices. Learn how to reduce risk, protect data, and support due diligence during M&A deals.
Discover the true cost of a retail data breach and why regular penetration testing is a smart, ROI-positive investment, not just a compliance requirement.
A simple bug in the ‘forgotten password’ and password reset mechanism led to a malicious takeover of an entire target application. Find out how this was fixed and secured.
Explore Docker’s security aspects: Understand how taking precautions is crucial to avoid vulnerabilities in this widely-used containerization platform.
Explore our technique of using Server Side Request Forgery (SSRF) to successfully retrieve EC2 credentials, demonstrating advanced cybersecurity tactics.
Unveiling the risks of exposing cloud acces keys – particularly in reference to AWS (amazon web services) keys. This article shares a real example from a recent pen test conducted by our expert testers.
Here Tristan demonstrates how to reset any user’s password by altering the password reset functionality, revealing a crucial cybersecurity vulnerability responsible for password reset bugs and consequential exploits.
Discover how one of our pentesters found that client-side security controls hadn’t been enabled in our customer’s target application, allowing them to access features reserved for paying customers, as well as how we fixed it.
Penetration testing is a mostly manual process carried out by experienced consultants, using some of the same methods and tools a real hacker would. You decide on the scope of your test with your consultant, set your target, and your tester will get to work attempting to breach it. This blog will explore the importance of pentesting for businesses and how to begin.
Welcome to our Pentest Files blog series. Each blog post will present an interesting or dangerous finding one of our
Because so much of life is carried out online these days, it’s essential that you take all the necessary steps
Vulnerability scans look for known vulnerabilities in your systems, while penetration tests systemically exploit weaknesses in the architecture. Which is best for your organisation?
Effortlessly obtain a penetration testing quote online without sales calls. Experience a streamlined, hassle-free process for your cybersecurity needs.
Join Gus, explore advanced techniques for detecting and exploiting SQL Injection vulnerabilities in PostgreSQL-based web applications, ensuring robust security.
Explore the future of pentest reports as we unveil the next-generation approach. Discover what’s on the horizon for cybersecurity assessments and reporting.
This post revolves around general analysis, exploitation and discovery of SQL Injection vulnerabilities in app using the Postgres DMBS. We
Maximise your pentest impact with OnSecurity’s guide on leveraging reports to enhance your security posture and confidently and quickly share results
Safeguard your inbox against cyber threats. Explore our expert insights on spotting and avoiding phishing attempts to enhance your online security strategy.
7 effective strategies to improve your company’s security. Discover actionable steps to fortify your defences against cyber threats and safeguard your business.
Explore the financial implications of data breaches, a frequent occurrence in today’s digital world. Learn about the actual costs behind a data breach.
Recently I was tasked to conduct an external infrastructure penetration test against a select few IP addresses of a certain
Uncover the mechanics of ransomware and prevention strategies to safeguard your network against cybercriminal tactics with OnSecurity’s expert insights
Explore Kerberos abuse techniques on Linux with our comprehensive guide. Delve into the available tools and methods for effective Kerberos exploitation.
Join Gus on a deep dive into crafting Jinja2 SSTI payloads from scratch. Explore bypass methods and various exploitation techniques in this insightful post.
Explore the buffer overflow vulnerability in Easy Chat Server 3.1. Gain insights into this security issue and how to successfully these mitigate risks.
A Penetration Testing Pro shows how social engineering works in the real world. Hackers techniques, real-life examples and practical tips on staying safe.
Gain insight and learn responsible cURL usage and secure scripting practices in this essential OnSecurity blog on web requests and data transfers. Read now.
Discover the challenges of managing extensive database audits and our innovative solution using Elasticsearch, a custom Node tool, and PostgreSQL triggers.
What is social engineering? This blog will define what is meant by ‘social engineering’ in cybersecurity, providing a breakdown of the behavioural techniques that cybercriminals use to manipulate their victims into giving up confidential information or allowing hackers access to secure areas.
Learn the definition of spear phishing and the potential threats it poses to businesses in this article, supported by real-life anecdotes of successful spear phishing attacks on organisations.
Discover the process and insights behind making Rapid7’s Project Sonar accessible and searchable. Explore the journey now within cybersecurity now.
Get insights into email phishing from an Ethical Hacking Veteran. Learn common tactics with real-world examples and practical tips for businesses & Individuals
Ready to experience the future of pentesting?
Discover how combining expert insight with automation leads to faster, more precise, and high-impact penetration testing.