OnSecurity's Latest Articles, News and Industry Tips
Security should be important to everyone. Our blog features articles regarding your business’ security and different aspects to consider.
What are the differences between ISO 27001 and SOC 2, Type 2? How can I
Learn the key differences between penetration testing vs. vulnerability scanning. Understand when to use each
From doctor to pentester: Archana Singh’s inspiring journey into cybersecurity shows how passion and resilience
Explore the journeys of women in cybersecurity at OnSecurity, with insights from Product Manager Beth
OnSecurity’s CEO emphasises a merit-based hiring approach, career development, and life/work balance. By nurturing talent,
Discover the differences between ethical hacking and penetration testing, how they protect your business from
Learn how Mike Oram, VP of engineering at OnSecurity, taught himself coding, and how to
Explore API pen testing, its benefits, common vulnerabilities, and best practices to strengthen your business’s
Explore OnSecurity’s services and products for enhancing your organisation’s security posture. Understand the importance of
Unravel the essentials of ISO 27001 certification in this blog. Explore critical insights and guidelines
Explore the intricacies of this vital framework designed to fortify businesses against diverse cyber threats.
The risks of typosquatting and its implications for online security. Explore cybercriminal tactics, real-world cases,
Radar by OnSecurity: an advanced tool for threat intelligence. Learn its role in enhancing security,
Understanding the importance of cybersecurity for SaaS companies. Explore the awareness of threats and proactive
Discover how we exploited a SSRF vulnerability in a web application to acquire API credentials
Launched in 2015, Wishbone is a social networking app that encourages users to have their say in comparisons of everything
Uncovering what went wrong with TravelEx. Investigating ransomware designed to take over the network and block access to file networks.
In this blog we uncover a huge data spill for Wishbone, revealing massive amounts of user data available for malicious actors to share and exploit.
The continued impact of the pandemic has made working from home the new normal, rapidly accelerating digital transformation in companies
We love using Clubhouse to helps us develop our security projects
What happened in 2014 when Sony became the victim of an attack? Explore how Wiper malware was deployed and crippled the large corporation’s network.
Defend against BlueKeep’s looming threats. Insights on securing systems from potential widespread attacks and common BlueKeep exploits. This blog will help you stay informed of threats.
Preventing complacency in testers is crucial to ensuring you have a successful test. Learn about why an alert and proactive testing approach is essential.
Join Gus on a deep dive into crafting Jinja2 SSTI payloads from scratch. Explore bypass methods and various exploitation techniques in this insightful post.
Understand the Power of Secure Code: Enhance Business Security with Proactive Code Audits. Discover vulnerabilities, ensure compliance, and build trust.
Roles in software engineering are becoming more popular with advances in technology and require a key set of skills. Here we run through how to become a software engineer
Learn about spoofing in cyber security, how it works, common types, and how businesses can detect and protect against this growing cyber threat.
Learn how OnSecurity evolved from the vision of a few founders to an industry-leading pentest provider, as shared by one of its founding members.
Learn how iOS penetration testing uncovers vulnerabilities in your mobile apps, ensuring robust security and protecting user data on Apple devices.
What are the differences between ISO 27001 and SOC 2, Type 2? How can I choose the right cybersecurity framework for my organisation?
Discover the key differences between vulnerability assessment and penetration testing, and learn which approach is right for your security needs.
Discover what ISO 27001 entails and how it can enhance your information security. Read our comprehensive guide to strengthen your security framework.
Learn about LLM prompt injection attacks and exclusive tips and tricks on prompt injection defence in our latest expert blog.
LLM jailbreak guide: examples, attack types, and a practical testing checklist to identify vulnerabilities and boost model safety
Discover what AI red teaming is, why it’s essential for AI security, and how to start testing your systems for vulnerabilities before attackers do.
Discover how AI is transforming cybersecurity. Explore how hackers exploit AI, how defenders fight back, and who holds the upper hand in today’s AI cybersecurity battle
Discover essential LLM red teaming techniques to secure AI systems. Learn step-by-step frameworks, attack vectors & best practices.
Improve DevOps infrastructure security with post-pentest insights. Learn how to turn findings into action and protect your CI/CD pipeline effectively.
Explore the current cybersecurity AI arms race between hackers and defenders: how it’s being used, who has the edge, and what it means for the future.
Telecommunications providers are prime targets for nation-state actors and advanced persistent threats (APTs) due to their central role in national
Discover how generative AI is transforming cybersecurity for attackers and defenders. Learn the real risks, practical defensive applications, and future trends in AI-powered security.
Explore the rise of AI-generated code in vibe coding, its cybersecurity risks, and how to secure fast, intuitive development without sacrificing safety.
Penetration testing is a crucial investment in your organisation’s cybersecurity, but understanding the associated costs can be challenging. While there’s
External and internal penetration testing both exist as part of a broader cybersecurity strategy, supporting organisations in pinpointing vulnerabilities through
Firewall penetration testing is a method of locating, scoping, and penetrating a specific firewall to test an organisation’s network infrastructure.
New report reveals increasing cyber threats to drilling rigs, potentially leading to severe safety incidents. Understand the emerging vulnerabilities.
Here we delve into the evolution of ransomware with OnSecurity’s article on Triple Extortion ransomware tactics that threaten not just data, but a companies reputation
Learn how external vulnerability scanning can support your organisation in achieving operational resilience in this blog.
Delve into an effective external vulnerability scanning strategy and adopt best practices. This guide offers a very comprehensive understanding of the role they play.
New research shows the prevalence of email phishing as the top cyber threat, tricking firms into revealing information through reputable sender disguises.
CVE-2021-44228: A new high profile zero-day vulnerability affecting large number of Java applications through a vulnerable version of the widely-used library Apache log4j.
Explore the challenge of vulnerabilities exploited before fixes. Learn how to address security gaps and protect against threats in this insightful discussion.
Here you can discover the history and impact of MyDoom, the fastest spreading and most damaging computer virus to date, on OnSecurity’s informative blog post
Explore the rise of social engineering threats. Understand how individuals are manipulated to divulge sensitive information, passwords, and financial details.
Protecting the data, valuables and account information related to your business has become even more vital as our workplaces have
Apple claims that its Mac computers are well protected by in-built antivirus features, and there is no need to worry about extra security – how true is this?
Delve into OnSecurity’s research on Go’s server-side template injection vulnerabilities, revealing potential for file reads and RCE exploits. Read more now.
This post explores each of the initial compromise methods for the TryHackMe x HackerOne CTF. Diving into the web security flaws and PHP tricks abused to gain access to the host webserver.
Learn 3 essential steps to enhance your cybersecurity posture, and effectively mitigate emerging zero-day vulnerabilities for comprehensive threat protection.
Safeguard your inbox against cyber threats. Explore our expert insights on spotting and avoiding phishing attempts to enhance your online security strategy.
Ready to experience the future of pentesting?
Discover how combining expert insight with automation leads to faster, more precise, and high-impact penetration testing.
