OnSecurity's Latest Articles, News and Industry Tips
Security should be important to everyone. Our blog features articles regarding your business’ security and different aspects to consider.
Cloud-native security systems are transforming the way businesses protect their digital assets. Built for the cloud, these systems offer dynamic
Discover the purpose of PCI DSS: securing card payments. OnSecurity offers PCI segmentation pentesting for businesses, ensuring a secure payment
Uncover strategies for recognizing impending phishing attacks. This post details our proactive approach in warning a customer about a serious
Here Tristan demonstrates how to reset any user’s password by altering the password reset functionality, revealing a crucial cybersecurity vulnerability
Unveiling the risks of exposing cloud acces keys – particularly in reference to AWS (amazon web services) keys. This article
Explore our technique of using Server Side Request Forgery (SSRF) to successfully retrieve EC2 credentials, demonstrating advanced cybersecurity tactics.
Explore Docker’s security aspects: Understand how taking precautions is crucial to avoid vulnerabilities in this widely-used containerization platform.
The best practices with OnSecurity’s cyber security checklist 2023. Identify crucial steps to protect data and systems from unauthorised access
A simple bug in the ‘forgotten password’ and password reset mechanism led to a malicious takeover of an entire target
Penetration testing is a mostly manual process carried out by experienced consultants, using some of the same methods and tools
Discover how one of our pentesters found that client-side security controls hadn’t been enabled in our customer’s target application, allowing
Here we delve into the evolution of ransomware with OnSecurity’s article on Triple Extortion ransomware tactics that threaten not just
Delve into an effective external vulnerability scanning strategy and adopt best practices. This guide offers a very comprehensive understanding of
Discover why over half of UK businesses are hiring CISOs to combat cyber threats, with OnSecurity’s updated insights on the
New report reveals increasing cyber threats to drilling rigs, potentially leading to severe safety incidents. Understand the emerging vulnerabilities.
Many retailers face rising cyber threats. Discover key challenges and practical solutions to protect systems, data, and customer trust.
Protect your small business with our 7 essential cybersecurity tips. Learn about employee training, system updates, penetration testing, and MFA to safeguard against cyber threats and financial losses.
Discover how AI is transforming enterprise cybersecurity with smarter threat detection, proactive defence, and pentest automation.
Understanding the importance of cybersecurity for SaaS companies. Explore the awareness of threats and proactive measures to safeguard data and systems.
Duncan Butchart, VP of Sales at OnSecurity, shares insights into his 25-year career journey, the evolution of the cybersecurity industry, and how OnSecurity stands out with its expert team and customer-centric approach.
Learn what quishing is, how it works, and why it’s a major threat to businesses. Protect your data with OnSecurity’s penetration testing services.
Learn about brute force attacks in cyber security, how they work, types, signs to watch for, and ways to protect systems from unauthorised access and potential data breaches.
Ransomware can cripple businesses by locking critical data and demanding payment. Learn what ransomware is, how it works, and how penetration testing can help prevent attacks.
Protect your business from phishing scams with these 5 essential tips. Learn how to avoid phishing attacks and safeguard your data from cybercriminals.
What are the differences between ISO 27001 and SOC 2, Type 2? How can I choose the right cybersecurity framework for my organisation?
Learn the key differences between penetration testing vs. vulnerability scanning. Understand when to use each method for optimal cybersecurity protection.
From doctor to pentester: Archana Singh’s inspiring journey into cybersecurity shows how passion and resilience can shape new careers.
Explore the journeys of women in cybersecurity at OnSecurity, with insights from Product Manager Beth Watts on navigating and thriving in tech.
OnSecurity’s CEO emphasises a merit-based hiring approach, career development, and life/work balance. By nurturing talent, fostering a supportive workplace, and offering flexibility, OnSecurity has boosted productivity and employee satisfaction.
Learn how Mike Oram, VP of engineering at OnSecurity, taught himself coding, and how to navigate coding in the age of AI.
Discover essential LLM red teaming techniques to secure AI systems. Learn step-by-step frameworks, attack vectors & best practices.
Improve DevOps infrastructure security with post-pentest insights. Learn how to turn findings into action and protect your CI/CD pipeline effectively.
Explore the current cybersecurity AI arms race between hackers and defenders: how it’s being used, who has the edge, and what it means for the future.
Telecommunications providers are prime targets for nation-state actors and advanced persistent threats (APTs) due to their central role in national
Discover how generative AI is transforming cybersecurity for attackers and defenders. Learn the real risks, practical defensive applications, and future trends in AI-powered security.
Explore the rise of AI-generated code in vibe coding, its cybersecurity risks, and how to secure fast, intuitive development without sacrificing safety.
Penetration testing is a crucial investment in your organisation’s cybersecurity, but understanding the associated costs can be challenging. While there’s
External and internal penetration testing both exist as part of a broader cybersecurity strategy, supporting organisations in pinpointing vulnerabilities through
Firewall penetration testing is a method of locating, scoping, and penetrating a specific firewall to test an organisation’s network infrastructure.
The term “penetration testing” or “pentesting” might be familiar, but the different types available—and how each can enhance your business’s
Sometimes referred to as ‘internal infrastructure tests’, or ‘internal network tests’, internal penetration tests are the backbone of any thorough
Ethical hacking and penetration testing are essential cybersecurity practices that uncover security vulnerabilities by simulating attacks on an organisation’s network.
External penetration testing methodology: what is it and how does it work? External penetration testing is a crucial cybersecurity measure
Cybercriminals are no longer targeting just the big players. In fact, small businesses are firmly in their sights too. With
Cyber threats are evolving, and every business – large or small – faces potential risks. A single vulnerability in your network infrastructure can lead to data breaches, financial losses and reputational damage. Network penetration testing is a proactive approach to uncover and address these vulnerabilities.
Explore the intricacies of this vital framework designed to fortify businesses against diverse cyber threats. Core principles and actionable guidance.
The risks of typosquatting and its implications for online security. Explore cybercriminal tactics, real-world cases, and protective measures for your brand.
The best practices with OnSecurity’s cyber security checklist 2023. Identify crucial steps to protect data and systems from unauthorised access and threats.
Penetration testing is a mostly manual process carried out by experienced consultants, using some of the same methods and tools a real hacker would. You decide on the scope of your test with your consultant, set your target, and your tester will get to work attempting to breach it. This blog will explore the importance of pentesting for businesses, and how to begin.
New report reveals increasing cyber threats to drilling rigs, potentially leading to severe safety incidents. Understand the emerging vulnerabilities.
Here we delve into the evolution of ransomware with OnSecurity’s article on Triple Extortion ransomware tactics that threaten not just data, but a companies reputation
Learn how external vulnerability scanning can support your organisation in achieving operational resilience in this blog.
Delve into an effective external vulnerability scanning strategy and adopt best practices. This guide offers a very comprehensive understanding of the role they play.
New research shows the prevalence of email phishing as the top cyber threat, tricking firms into revealing information through reputable sender disguises.
CVE-2021-44228: A new high profile zero-day vulnerability affecting large number of Java applications through a vulnerable version of the widely-used library Apache log4j.
Here you can discover the history and impact of MyDoom, the fastest spreading and most damaging computer virus to date, on OnSecurity’s informative blog post
Explore the rise of social engineering threats. Understand how individuals are manipulated to divulge sensitive information, passwords, and financial details.
Protecting the data, valuables and account information related to your business has become even more vital as our workplaces have
Apple claims that its Mac computers are well protected by in-built antivirus features, and there is no need to worry about extra security – how true is this?
Delve into OnSecurity’s research on Go’s server-side template injection vulnerabilities, revealing potential for file reads and RCE exploits. Read more now.
Ready to experience the future of pentesting?
Discover how combining expert insight with automation leads to faster, more precise, and high-impact penetration testing.