On a recent engagement, we found an instance of GraphQL on a server and I noticed that there are not many articles describing the different
Category: General security

Identifying vulnerabilities and potential victims
Nowadays, the cybersecurity field is becoming more and more important in everyday life as technologies evolve continuously and more malicious people, so-called hackers, want
Phishy Basic Authentication prompts
In one of our previous posts, we noted that a popular tool – Responder – uses Basic Authentication prompts to harvest user credentials when they
Practical JSONP Injection
JSONP injection is a lesser-known but quite widespread and dangerous vulnerability that has surfaced in recent years due to the high rate of
Penetration Testing in IT/Security Assurance Projects
There are various cases when, during IT/security assurance projects, there are specific requirements to rely on penetration testing projects/reports completed by a