OnSecurity's Latest Articles, News and Industry Tips
Security should be important to everyone. Our blog features articles regarding your business’ security and different aspects to consider.
Discover proactive security testing: prevent breaches before they happen, enhance compliance, and secure AI/LLM systems
Move beyond one-off pentests. Learn how to build a continuous assurance programme with regular testing,
Discover how 2-step authentication secures business data from breaches. Compare MFA methods to strengthen your
Learn how supply chain attacks exploit third-party vulnerabilities and discover essential security measures to safeguard
Discover what hackers can learn about your business online and how external attack surface discovery
Discover the types of penetration testing, including network, web, mobile, cloud, API, and social engineering
Build a strong human firewall with effective security awareness training. Learn how to prevent social
Explore the pros and cons of public and private cloud computing to determine the best
Discover what an internal infrastructure test reveals about your systems. Gain insights to enhance security
If you’re running self-hosted GitHub Actions runners on AWS EC2, there’s a critical timing vulnerability
Discover what an ISMS is and how it enhances your organisation’s information security. Read our
Tom Keyte reflects on five years at OnSecurity- from infrastructure wins to security lessons, and
Discover the key differences between vulnerability assessment and penetration testing, and learn which approach is
Discover essential tools to efficiently assess your website’s vulnerabilities and enhance your website security, with
Discover what ISO 27001 entails and how it can enhance your information security. Read our
A computer hacker in the US was able to gain access to the water system of Oldsmar in Florida and successfully increased the amount of sodium hydroxide.
Dive into the alarming rise of Ryuk ransomware since 2018, which has accumulated over $150 million, showcasing its global financial impact and danger.
Uncover the latest threat looming over government servers. The newfound vulnerability impacts Microsoft systems, leaving government infrastructures at risk.
The continued impact of the pandemic has made working from home the new normal, rapidly accelerating digital transformation in companies
We love using Clubhouse to helps us develop our security projects
Launched in 2015, Wishbone is a social networking app that encourages users to have their say in comparisons of everything
Uncovering what went wrong with TravelEx. Investigating ransomware designed to take over the network and block access to file networks.
In this blog we uncover a huge data spill for Wishbone, revealing massive amounts of user data available for malicious actors to share and exploit.
What happened in 2014 when Sony became the victim of an attack? Explore how Wiper malware was deployed and crippled the large corporation’s network.
Defend against BlueKeep’s looming threats. Insights on securing systems from potential widespread attacks and common BlueKeep exploits. This blog will help you stay informed of threats.
Preventing complacency in testers is crucial to ensuring you have a successful test. Learn about why an alert and proactive testing approach is essential.
Join Gus on a deep dive into crafting Jinja2 SSTI payloads from scratch. Explore bypass methods and various exploitation techniques in this insightful post.
Understand the Power of Secure Code: Enhance Business Security with Proactive Code Audits. Discover vulnerabilities, ensure compliance, and build trust.
Roles in software engineering are becoming more popular with advances in technology and require a key set of skills. Here we run through how to become a software engineer
Learn about spoofing in cyber security, how it works, common types, and how businesses can detect and protect against this growing cyber threat.
Mobile devices are firmly embedded as a huge part of daily life, and therefore making sure Android apps and devices
Maximise your pentest impact with OnSecurity’s guide on leveraging reports to enhance your security posture and confidently and quickly share results
What is Penetration Testing? Penetration Testing, otherwise known as “pentesting” or ethical hacking, is the beating heart of all good
Explore OnSecurity’s services and products for enhancing your organization’s security posture. Understand the importance of SOC 2 compliance requirements.
Discover now how our tester skillfully exploited multiple SQL injection vulnerabilities to extract valuable data from an application’s backend databases.
Cloud-native security systems are transforming the way businesses protect their digital assets. Built for the cloud, these systems offer dynamic and scalable solutions to defend against evolving threats. In this blog, we’ll explore what cloud-native security systems are and why they’re essential for modern businesses.
Highlighting a critical cybersecurity issue: Unauthorised access is inevitable wherever default credentials are used, underscoring the need for caution.
Discover how one of our pentesters found that client-side security controls hadn’t been enabled in our customer’s target application, allowing them to access features reserved for paying customers, as well as how we fixed it.
Penetration testing is a mostly manual process carried out by experienced consultants, using some of the same methods and tools a real hacker would. You decide on the scope of your test with your consultant, set your target, and your tester will get to work attempting to breach it. This blog will explore the importance of pentesting for businesses and how to begin.
A simple bug in the ‘forgotten password’ and password reset mechanism led to a malicious takeover of an entire target application. Find out how this was fixed and secured.
Explore Docker’s security aspects: Understand how taking precautions is crucial to avoid vulnerabilities in this widely-used containerization platform.
Explore our technique of using Server Side Request Forgery (SSRF) to successfully retrieve EC2 credentials, demonstrating advanced cybersecurity tactics.
Unveiling the risks of exposing cloud acces keys – particularly in reference to AWS (amazon web services) keys. This article shares a real example from a recent pen test conducted by our expert testers.
Here Tristan demonstrates how to reset any user’s password by altering the password reset functionality, revealing a crucial cybersecurity vulnerability responsible for password reset bugs and consequential exploits.
Welcome to our Pentest Files blog series. Each blog post will present an interesting or dangerous finding one of our
Protecting the data, valuables and account information related to your business has become even more vital as our workplaces have
Apple claims that its Mac computers are well protected by in-built antivirus features, and there is no need to worry about extra security – how true is this?
This post explores each of the initial compromise methods for the TryHackMe x HackerOne CTF. Diving into the web security flaws and PHP tricks abused to gain access to the host webserver.
Delve into OnSecurity’s research on Go’s server-side template injection vulnerabilities, revealing potential for file reads and RCE exploits. Read more now.
Learn 3 essential steps to enhance your cybersecurity posture, and effectively mitigate emerging zero-day vulnerabilities for comprehensive threat protection.
Explore the challenge of vulnerabilities exploited before fixes. Learn how to address security gaps and protect against threats in this insightful discussion.
Here you can discover the history and impact of MyDoom, the fastest spreading and most damaging computer virus to date, on OnSecurity’s informative blog post
Explore the rise of social engineering threats. Understand how individuals are manipulated to divulge sensitive information, passwords, and financial details.
CVE hunting within open-source applications – invaluable insights for identifying vulnerabilities, ensuring robust security in open-source software.
Dive deeper into Spear Phishing, a sophisticated cyber attack targeting specific individuals to gain unauthorized access to confidential data and files.
Recruitment companies are a prime target for hackers. We go over the main aspects that recruitment companies should be careful of with their CyberSecurity
Learn proactive cyber threat prevention through threat modeling. Discover how to anticipate and mitigate security incidents before they occur with this guide.
Phishing, a cyber-crime that targets victims through email, has become the most common form of online attack. Hackers will attempt
Safeguard your inbox against cyber threats. Explore our expert insights on spotting and avoiding phishing attempts to enhance your online security strategy.
7 effective strategies to improve your company’s security. Discover actionable steps to fortify your defences against cyber threats and safeguard your business.
Ready to experience the future of pentesting?
Discover how combining expert insight with automation leads to faster, more precise, and high-impact penetration testing.