OnSecurity's Latest Articles, News and Industry Tips
Security should be important to everyone. Our blog features articles regarding your business’ security and different aspects to consider.
Cloud-native security systems are transforming the way businesses protect their digital assets. Built for the
Uncover strategies for recognizing impending phishing attacks. This post details our proactive approach in warning
Here Tristan demonstrates how to reset any user’s password by altering the password reset functionality,
Unveiling the risks of exposing cloud acces keys – particularly in reference to AWS (amazon
Explore our technique of using Server Side Request Forgery (SSRF) to successfully retrieve EC2 credentials,
Explore Docker’s security aspects: Understand how taking precautions is crucial to avoid vulnerabilities in this
The best practices with OnSecurity’s cyber security checklist 2023. Identify crucial steps to protect data
A simple bug in the ‘forgotten password’ and password reset mechanism led to a malicious
Penetration testing is a mostly manual process carried out by experienced consultants, using some of
Discover how one of our pentesters found that client-side security controls hadn’t been enabled in
Here we delve into the evolution of ransomware with OnSecurity’s article on Triple Extortion ransomware
Delve into an effective external vulnerability scanning strategy and adopt best practices. This guide offers
Discover why over half of UK businesses are hiring CISOs to combat cyber threats, with
New report reveals increasing cyber threats to drilling rigs, potentially leading to severe safety incidents.
Explore how remote working can define an organisation’s agility and crisis response, all while also
Look into IT Security through the eyes of a pen-tester. We’ll uncover the inner workings and provide in-depth insights for a comprehensive understanding.
Unveiling the origins of the first PC virus prank. Dive into the history of pioneering cyber mischief and understand the Elk Cloner Virus in OnSecurity’s blog.
Enhance your security posture with essential practices for effective pentest orchestration. Discover strategies that streamline processes and support your organisation.
Ransomware can cripple businesses by locking critical data and demanding payment. Learn what ransomware is, how it works, and how penetration testing can help prevent attacks.
What are the differences between ISO 27001 and SOC 2, Type 2? How can I choose the right cybersecurity framework for my organisation?
Learn the key differences between penetration testing vs. vulnerability scanning. Understand when to use each method for optimal cybersecurity protection.
Discover the differences between ethical hacking and penetration testing, how they protect your business from cyber threats, and when to choose each for security assessments.
Explore API pen testing, its benefits, common vulnerabilities, and best practices to strengthen your business’s security posture.
Explore OnSecurity’s services and products for enhancing your organisation’s security posture. Understand the importance of SOC 2 compliance requirements.
Unravel the essentials of ISO 27001 certification in this blog. Explore critical insights and guidelines for a robust security management system.
Radar by OnSecurity: an advanced tool for threat intelligence. Learn its role in enhancing security, achieving ISO certifications, and prioritising threats
Discover how we exploited a SSRF vulnerability in a web application to acquire API credentials and access AWS S3 buckets, showcasing cybersecurity risks.
Join our unique and growing pen-testing company and showcase your talent. We’re seeking skilled pen-testers who stand out from the crowd, apply here now!
You can now explore the purpose and process of penetration tests (pen-tests), authorised simulated cyber-attacks that assess the security of computer systems.
What is a penetration test and why should I get one? A penetration test (aka pen-test), is an authorised simulated
Discover effective strategies to streamline and simplify penetration testing. Learn how to alleviate the complexities for a more efficient testing process.
Discover the key differences between vulnerability assessment and penetration testing, and learn which approach is right for your security needs.
Discover what ISO 27001 entails and how it can enhance your information security. Read our comprehensive guide to strengthen your security framework.
Discover the top emerging AI security risks in 2026, including AI-driven phishing, autonomous agents, model attacks, shadow AI, and governance gaps.
Build a proactive cybersecurity culture. Learn how CISOs can drive lasting behavioural change, boost awareness, and reduce cyber risks
Turn penetration test results into action. Follow this step-by-step remediation checklist to fix vulnerabilities and boost security.
Learn 9 key cybersecurity metrics boards care about to prove ROI, reduce risk, and align security with business goals.
Explore the top penetration testing challenges CISOs face in 2025 and how AI-powered continuous pentesting is reshaping security assurance.
Learn about LLM prompt injection attacks and exclusive tips and tricks on prompt injection defence in our latest expert blog.
LLM jailbreak guide: examples, attack types, and a practical testing checklist to identify vulnerabilities and boost model safety
Discover what AI red teaming is, why it’s essential for AI security, and how to start testing your systems for vulnerabilities before attackers do.
Discover how AI is transforming cybersecurity. Explore how hackers exploit AI, how defenders fight back, and who holds the upper hand in today’s AI cybersecurity battle
Discover essential LLM red teaming techniques to secure AI systems. Learn step-by-step frameworks, attack vectors & best practices.
Improve DevOps infrastructure security with post-pentest insights. Learn how to turn findings into action and protect your CI/CD pipeline effectively.
Explore the current cybersecurity AI arms race between hackers and defenders: how it’s being used, who has the edge, and what it means for the future.
Telecommunications providers are prime targets for nation-state actors and advanced persistent threats (APTs) due to their central role in national
Ready to experience the future of pentesting?
Discover how combining expert insight with automation leads to faster, more precise, and high-impact penetration testing.
