OnSecurity's Latest Articles, News and Industry Tips
Security should be important to everyone. Our blog features articles regarding your business’ security and different aspects to consider.
Discover the key differences between vulnerability assessment and penetration testing, and learn which approach is
Discover essential tools to efficiently assess your website’s vulnerabilities and enhance your website security, with
Discover what ISO 27001 entails and how it can enhance your information security. Read our
The EU AI Act sets strict rules for AI providers and users. Learn who it
OnSecurity secures award highlighting the breakthrough year of growth, innovation and AI-augmented cybersecurity
Discover the top emerging AI security risks in 2026, including AI-driven phishing, autonomous agents, model
Build a proactive cybersecurity culture. Learn how CISOs can drive lasting behavioural change, boost awareness,
Matt Moses leads OnSecurity’s Movember efforts, raising funds and awareness for men’s health through running
Turn penetration test results into action. Follow this step-by-step remediation checklist to fix vulnerabilities and
Learn 9 key cybersecurity metrics boards care about to prove ROI, reduce risk, and align
Discover proven strategies to recognise and prevent phishing attacks, strengthen employee defences, and protect your
Explore the top penetration testing challenges CISOs face in 2025 and how AI-powered continuous pentesting
Learn about LLM prompt injection attacks and exclusive tips and tricks on prompt injection defence
LLM jailbreak guide: examples, attack types, and a practical testing checklist to identify vulnerabilities and
Discover what AI red teaming is, why it’s essential for AI security, and how to
Protect your business from phishing scams with these 5 essential tips. Learn how to avoid phishing attacks and safeguard your data from cybercriminals.
What are the differences between ISO 27001 and SOC 2, Type 2? How can I choose the right cybersecurity framework for my organisation?
Learn the key differences between penetration testing vs. vulnerability scanning. Understand when to use each method for optimal cybersecurity protection.
From doctor to pentester: Archana Singh’s inspiring journey into cybersecurity shows how passion and resilience can shape new careers.
Explore the journeys of women in cybersecurity at OnSecurity, with insights from Product Manager Beth Watts on navigating and thriving in tech.
OnSecurity’s CEO emphasises a merit-based hiring approach, career development, and life/work balance. By nurturing talent, fostering a supportive workplace, and offering flexibility, OnSecurity has boosted productivity and employee satisfaction.
Learn how Mike Oram, VP of engineering at OnSecurity, taught himself coding, and how to navigate coding in the age of AI.
Explore API pen testing, its benefits, common vulnerabilities, and best practices to strengthen your business’s security posture.
The risks of typosquatting and its implications for online security. Explore cybercriminal tactics, real-world cases, and protective measures for your brand.
Radar by OnSecurity: an advanced tool for threat intelligence. Learn its role in enhancing security, achieving ISO certifications, and prioritising threats
Understanding the importance of cybersecurity for SaaS companies. Explore the awareness of threats and proactive measures to safeguard data and systems.
Discover how we exploited a SSRF vulnerability in a web application to acquire API credentials and access AWS S3 buckets, showcasing cybersecurity risks.
Delve into an overview of 2021’s significant data breaches. Explore the most notable incidents and learn from them for better data security practices.
Discover OnSecurity’s innovative approach to penetration testing. Our client-collaborative efforts have streamlined booking to just 5 minutes for efficiency.
Experience real-time communication with your penetration test testers during the testing process for enhanced collaboration and continuous timely updates.
Explore our technique of using Server Side Request Forgery (SSRF) to successfully retrieve EC2 credentials, demonstrating advanced cybersecurity tactics.
Unveiling the risks of exposing cloud acces keys – particularly in reference to AWS (amazon web services) keys. This article shares a real example from a recent pen test conducted by our expert testers.
Here Tristan demonstrates how to reset any user’s password by altering the password reset functionality, revealing a crucial cybersecurity vulnerability responsible for password reset bugs and consequential exploits.
Welcome to our Pentest Files blog series. Each blog post will present an interesting or dangerous finding one of our
Because so much of life is carried out online these days, it’s essential that you take all the necessary steps
Vulnerability scans look for known vulnerabilities in your systems, while penetration tests systemically exploit weaknesses in the architecture. Which is best for your organisation?
Explore the future of pentest reports as we unveil the next-generation approach. Discover what’s on the horizon for cybersecurity assessments and reporting.
Effortlessly obtain a penetration testing quote online without sales calls. Experience a streamlined, hassle-free process for your cybersecurity needs.
Join Gus, explore advanced techniques for detecting and exploiting SQL Injection vulnerabilities in PostgreSQL-based web applications, ensuring robust security.
This post revolves around general analysis, exploitation and discovery of SQL Injection vulnerabilities in app using the Postgres DMBS. We
Maximise your pentest impact with OnSecurity’s guide on leveraging reports to enhance your security posture and confidently and quickly share results
Join Gus on a deep dive into crafting Jinja2 SSTI payloads from scratch. Explore bypass methods and various exploitation techniques in this insightful post.
Understand the Power of Secure Code: Enhance Business Security with Proactive Code Audits. Discover vulnerabilities, ensure compliance, and build trust.
Roles in software engineering are becoming more popular with advances in technology and require a key set of skills. Here we run through how to become a software engineer
Learn about spoofing in cyber security, how it works, common types, and how businesses can detect and protect against this growing cyber threat.
7 effective strategies to improve your company’s security. Discover actionable steps to fortify your defences against cyber threats and safeguard your business.
Craig has delved into his research on CVE-2019-11510, uncovering over 736 vulnerable hosts and sharing insights on this critical cybersecurity threat.
Do you suspect a phishing attempt? Explore this guide for actionable steps on what to do next. Get assistance in handling potential phishing incidents.
CVE hunting within open-source applications – invaluable insights for identifying vulnerabilities, ensuring robust security in open-source software.
Dive deeper into Spear Phishing, a sophisticated cyber attack targeting specific individuals to gain unauthorized access to confidential data and files.
Recruitment companies are a prime target for hackers. We go over the main aspects that recruitment companies should be careful of with their CyberSecurity
Learn proactive cyber threat prevention through threat modeling. Discover how to anticipate and mitigate security incidents before they occur with this guide.
Phishing, a cyber-crime that targets victims through email, has become the most common form of online attack. Hackers will attempt
Uncover the mechanics of ransomware and prevention strategies to safeguard your network against cybercriminal tactics with OnSecurity’s expert insights
Explore the financial implications of data breaches, a frequent occurrence in today’s digital world. Learn about the actual costs behind a data breach.
Recently I was tasked to conduct an external infrastructure penetration test against a select few IP addresses of a certain
Get insights into email phishing from an Ethical Hacking Veteran. Learn common tactics with real-world examples and practical tips for businesses & Individuals
Discover how you use Burpsuite Collaborator persistently for enhanced cybersecurity testing. Now it’s possible to leverage this tool more effectively.
Explore Kerberos abuse techniques on Linux with our comprehensive guide. Delve into the available tools and methods for effective Kerberos exploitation.
Explore the buffer overflow vulnerability in Easy Chat Server 3.1. Gain insights into this security issue and how to successfully these mitigate risks.
Ready to experience the future of pentesting?
Discover how combining expert insight with automation leads to faster, more precise, and high-impact penetration testing.
