OnSecurity's Latest Articles, News and Industry Tips
Security should be important to everyone. Our blog features articles regarding your business’ security and different aspects to consider.
The term “penetration testing” or “pentesting” might be familiar, but the different types available—and how
Enforceable by January 2025, the EU’s Digital Operational Resilience Act (DORA) introduces a landmark EU
Firewall penetration testing is a method of locating, scoping, and penetrating a specific firewall to
External and internal penetration testing both exist as part of a broader cybersecurity strategy, supporting
Penetration testing is a crucial investment in your organisation’s cybersecurity, but understanding the associated costs
ISO 27001 and SOC 2, Type 2 are two of the most prominent regulatory frameworks
In the blink of an eye, artificial intelligence and emerging technology are shattering the old
Maximise your pentest impact with OnSecurity’s guide on leveraging reports to enhance your security posture
Many retailers face rising cyber threats. Discover key challenges and practical solutions to protect systems,
Discover what the Digital Operational Resilience Act (DORA) means for cybersecurity in the financial sector.
Discover how to mitigate financial risks from subdomain takeovers. Learn strategies to safeguard against reputational
Exploring Cloud Security: Risks, Regulations & Remedies. Learn from incidents & strategies for robust cloud
Explore SSDLC stages: From planning to deployment. Learn how to secure web apps effectively with
What is Penetration Testing? Penetration Testing, otherwise known as “pentesting” or ethical hacking, is the
For National Coding Week, we reached out to some of our software developers at OnSecurity
The myths surrounding cloud security hesitancy. Gain clarity on common misconceptions and make informed decisions about cloud-based security solutions.
Explore the methods targeting LinkedIn users through phishing scams and gain insights into the everyday tactics used by cybercriminals to exploit you further.
A computer hacker in the US was able to gain access to the water system of Oldsmar in Florida and successfully increased the amount of sodium hydroxide.
Dive into the alarming rise of Ryuk ransomware since 2018, which has accumulated over $150 million, showcasing its global financial impact and danger.
A compilation of tricks and checks for when a file upload is encountered in an offensive security test.
Unravel the simplicity of gRPC with Project Crobat. Learn to streamline development with gRPC and empower your projects. Dive into our blog for insights!
Delve into the fascinating narrative of how a love letter altered the landscape of computer security perpetually. Uncover this tale of technological evolution.
One of the biggest growing problems in computer security is the growing proliferation of cyberattacks which are far more open and threatening in nature.
Uncover the latest threat looming over government servers. The newfound vulnerability impacts Microsoft systems, leaving government infrastructures at risk.
Uncovering what went wrong with TravelEx. Investigating ransomware designed to take over the network and block access to file networks.
In this blog we uncover a huge data spill for Wishbone, revealing massive amounts of user data available for malicious actors to share and exploit.
The continued impact of the pandemic has made working from home the new normal, rapidly accelerating digital transformation in companies
We love using Clubhouse to helps us develop our security projects
Launched in 2015, Wishbone is a social networking app that encourages users to have their say in comparisons of everything
What happened in 2014 when Sony became the victim of an attack? Explore how Wiper malware was deployed and crippled the large corporation’s network.
Discover the key differences between web application pentesting vs network pentesting, when you need each type, and why both are essential for comprehensive security.
A practical guide to implementing Secure by Design in UK government product delivery. Covers risk-driven design, lifecycle security activities, compliance with the PSTI Act, and how regular penetration testing keeps your security posture continuously validated.
OnSecurity’s Pentest Files uncovers the latest vulnerabilities and real-life remediation steps to prevent businesses from malicious attack. In this article we find out how our Head of Pentesting is able to hijack admin invitations to bypass the login wall in our clients infrastructure.
Learn GDPR essentials: data protection principles, subject rights, breach management, and compliance tools to safeguard personal data effectively.
Learn how to secure SaaS applications with expert strategies for data protection, access control, compliance, and threat detection.
Learn what ISO 42001 is, why it matters, and how businesses can implement AI governance, manage risk, and align with EU AI Act compliance requirements.
Learn how often to conduct cloud penetration testing based on your compliance needs, risk profile and cloud maturity level, from security experts.
Protect patient data in healthcare with essential security measures, pentesting insights, and UK data protection guidance.
Discover proactive security testing: prevent breaches before they happen, enhance compliance, and secure AI/LLM systems with continuous validation
Move beyond one-off pentests. Learn how to build a continuous assurance programme with regular testing, monitoring, and clear metrics that security leaders can track.
Discover how 2-step authentication secures business data from breaches. Compare MFA methods to strengthen your security.
Learn how supply chain attacks exploit third-party vulnerabilities and discover essential security measures to safeguard your business from costly breaches.
Discover what hackers can learn about your business online and how external attack surface discovery helps you reduce risk and strengthen security.
Discover the types of penetration testing, including network, web, mobile, cloud, API, and social engineering tests. Learn how to choose the right pentest.
Build a strong human firewall with effective security awareness training. Learn how to prevent social engineering and strengthen employee defences.
Craig has delved into his research on CVE-2019-11510, uncovering over 736 vulnerable hosts and sharing insights on this critical cybersecurity threat.
Do you suspect a phishing attempt? Explore this guide for actionable steps on what to do next. Get assistance in handling potential phishing incidents.
Explore the financial implications of data breaches, a frequent occurrence in today’s digital world. Learn about the actual costs behind a data breach.
Recently I was tasked to conduct an external infrastructure penetration test against a select few IP addresses of a certain
Uncover the mechanics of ransomware and prevention strategies to safeguard your network against cybercriminal tactics with OnSecurity’s expert insights
Explore the buffer overflow vulnerability in Easy Chat Server 3.1. Gain insights into this security issue and how to successfully these mitigate risks.
A Penetration Testing Pro shows how social engineering works in the real world. Hackers techniques, real-life examples and practical tips on staying safe.
Gain insight and learn responsible cURL usage and secure scripting practices in this essential OnSecurity blog on web requests and data transfers. Read now.
Discover the challenges of managing extensive database audits and our innovative solution using Elasticsearch, a custom Node tool, and PostgreSQL triggers.
What is social engineering? This blog will define what is meant by ‘social engineering’ in cybersecurity, providing a breakdown of the behavioural techniques that cybercriminals use to manipulate their victims into giving up confidential information or allowing hackers access to secure areas.
Learn the definition of spear phishing and the potential threats it poses to businesses in this article, supported by real-life anecdotes of successful spear phishing attacks on organisations.
Discover the process and insights behind making Rapid7’s Project Sonar accessible and searchable. Explore the journey now within cybersecurity now.
Get insights into email phishing from an Ethical Hacking Veteran. Learn common tactics with real-world examples and practical tips for businesses & Individuals
Discover how you use Burpsuite Collaborator persistently for enhanced cybersecurity testing. Now it’s possible to leverage this tool more effectively.
Explore Kerberos abuse techniques on Linux with our comprehensive guide. Delve into the available tools and methods for effective Kerberos exploitation.
Ready to experience the future of pentesting?
Discover how combining expert insight with automation leads to faster, more precise, and high-impact penetration testing.