OnSecurity's Latest Articles, News and Industry Tips
Security should be important to everyone. Our blog features articles regarding your business’ security and different aspects to consider.
Learn how supply chain attacks exploit third-party vulnerabilities and discover essential security measures to safeguard
Discover what hackers can learn about your business online and how external attack surface discovery
Discover the types of penetration testing, including network, web, mobile, cloud, API, and social engineering
Build a strong human firewall with effective security awareness training. Learn how to prevent social
Explore the pros and cons of public and private cloud computing to determine the best
Discover what an internal infrastructure test reveals about your systems. Gain insights to enhance security
If you’re running self-hosted GitHub Actions runners on AWS EC2, there’s a critical timing vulnerability
Discover what an ISMS is and how it enhances your organisation’s information security. Read our
Tom Keyte reflects on five years at OnSecurity- from infrastructure wins to security lessons, and
Discover the key differences between vulnerability assessment and penetration testing, and learn which approach is
Discover essential tools to efficiently assess your website’s vulnerabilities and enhance your website security, with
Discover what ISO 27001 entails and how it can enhance your information security. Read our
The EU AI Act sets strict rules for AI providers and users. Learn who it
OnSecurity secures award highlighting the breakthrough year of growth, innovation and AI-augmented cybersecurity
Discover the top emerging AI security risks in 2026, including AI-driven phishing, autonomous agents, model
Discover OnSecurity’s innovative approach to penetration testing. Our client-collaborative efforts have streamlined booking to just 5 minutes for efficiency.
Experience real-time communication with your penetration test testers during the testing process for enhanced collaboration and continuous timely updates.
Look into IT Security through the eyes of a pen-tester. We’ll uncover the inner workings and provide in-depth insights for a comprehensive understanding.
Unveiling the origins of the first PC virus prank. Dive into the history of pioneering cyber mischief and understand the Elk Cloner Virus in OnSecurity’s blog.
Discover now how our tester skillfully exploited multiple SQL injection vulnerabilities to extract valuable data from an application’s backend databases.
Highlighting a critical cybersecurity issue: Unauthorised access is inevitable wherever default credentials are used, underscoring the need for caution.
Cloud-native security systems are transforming the way businesses protect their digital assets. Built for the cloud, these systems offer dynamic and scalable solutions to defend against evolving threats. In this blog, we’ll explore what cloud-native security systems are and why they’re essential for modern businesses.
Explore OnSecurity’s services and products for enhancing your organization’s security posture. Understand the importance of SOC 2 compliance requirements.
Explore Docker’s security aspects: Understand how taking precautions is crucial to avoid vulnerabilities in this widely-used containerization platform.
Explore our technique of using Server Side Request Forgery (SSRF) to successfully retrieve EC2 credentials, demonstrating advanced cybersecurity tactics.
Unveiling the risks of exposing cloud acces keys – particularly in reference to AWS (amazon web services) keys. This article shares a real example from a recent pen test conducted by our expert testers.
Here Tristan demonstrates how to reset any user’s password by altering the password reset functionality, revealing a crucial cybersecurity vulnerability responsible for password reset bugs and consequential exploits.
Discover how one of our pentesters found that client-side security controls hadn’t been enabled in our customer’s target application, allowing them to access features reserved for paying customers, as well as how we fixed it.
A simple bug in the ‘forgotten password’ and password reset mechanism led to a malicious takeover of an entire target application. Find out how this was fixed and secured.
Welcome to our Pentest Files blog series. Each blog post will present an interesting or dangerous finding one of our
Because so much of life is carried out online these days, it’s essential that you take all the necessary steps
Vulnerability scans look for known vulnerabilities in your systems, while penetration tests systemically exploit weaknesses in the architecture. Which is best for your organisation?
Effortlessly obtain a penetration testing quote online without sales calls. Experience a streamlined, hassle-free process for your cybersecurity needs.
Join Gus, explore advanced techniques for detecting and exploiting SQL Injection vulnerabilities in PostgreSQL-based web applications, ensuring robust security.
Smishing, a form of cyber-attack that uses SMS messages to deceive victims, is on the rise. By exploiting human trust,
Discover how to mitigate financial risks from subdomain takeovers. Learn strategies to safeguard against reputational damage and data breaches.
Explore SSDLC stages: From planning to deployment. Learn how to secure web apps effectively with OnSecurity’s solutions.
Exploring Cloud Security: Risks, Regulations & Remedies. Learn from incidents & strategies for robust cloud protection in an evolving digital landscape.
How would we define Cybercrime? What do you imagine when you think of a cybercriminal? Do you envision an erratic,
Radar by OnSecurity: an advanced tool for threat intelligence. Learn its role in enhancing security, achieving ISO certifications, and prioritizing threats.
The risks of typosquatting and its implications for online security. Explore cybercriminal tactics, real-world cases, and protective measures for your brand.
Explore the intricacies of this vital framework designed to fortify businesses against diverse cyber threats. Core principles and actionable guidance.
The best practices with OnSecurity’s cyber security checklist 2023. Identify crucial steps to protect data and systems from unauthorised access and threats.
Penetration testing is a mostly manual process carried out by experienced consultants, using some of the same methods and tools a real hacker would. You decide on the scope of your test with your consultant, set your target, and your tester will get to work attempting to breach it. This blog will explore the importance of pentesting for businesses, and how to begin.
New report reveals increasing cyber threats to drilling rigs, potentially leading to severe safety incidents. Understand the emerging vulnerabilities.
Here we delve into the evolution of ransomware with OnSecurity’s article on Triple Extortion ransomware tactics that threaten not just data, but a companies reputation
Learn how external vulnerability scanning can support your organisation in achieving operational resilience in this blog.
Delve into an effective external vulnerability scanning strategy and adopt best practices. This guide offers a very comprehensive understanding of the role they play.
New research shows the prevalence of email phishing as the top cyber threat, tricking firms into revealing information through reputable sender disguises.
Ready to experience the future of pentesting?
Discover how combining expert insight with automation leads to faster, more precise, and high-impact penetration testing.