In one of our previous posts, we noted that a popular tool – Responder – uses Basic Authentication prompts to harvest user credentials when they
Category: General security
Practical JSONP Injection
JSONP injection is a lesser-known but quite widespread and dangerous vulnerability, and it has surfaced in recent years due to the high rate of
Penetration Testing in IT/Security Assurance Projects
There are various cases when, during IT/security assurance projects, there are specific requirements to rely on penetration testing projects/reports completed by a
Penetration Testing or Vulnerability Assessment – Which one should I choose?
In this post we will take a quick look at the differences between vulnerability assessment (VA) and penetration testing (PT). Furthermore, we’ll give a set of
When Cryptographic API Design Goes Wrong
Whether we like to admit it or not, failing to account for human factors and usability issues when designing secure systems can have unwanted consequences.
Concerns regarding the security of biometric authentication
More and more gadgets that we use these days (smartphones, smartwatches, etc.) try to make a personal connection with the owner via his