Pentest

💥SUCCESS!!! 🎉 @_s_n_t successfully compromises the Samsung Galaxy S23 at #Pwn2Own Toronto 2023!! Well done Sam, amazing work 👏👏👏

Flying the Pentest flag worldwide! Huge well done to Richard Mason on reaching the summit of Island Peak (Imja Tse) in Nepal (6,189m).

As the Out of Office messages start to be put up, we wanted to wish everyone a very Merry Christmas from all of us here at Pentest Limited. *<]:{)

Happy thanksgiving to all our US clients, staff & friends. Have a great day!!

Using JSON Web Tokens (JWTs) for your application/API's session management? Richard Mason outlines some of the most common security issues we find during testing and how you can mitigate against them. buff.ly/3zulWOB

There is often a balance between convenience & security when it comes to password managers. Paul Johnston discusses these potential issues and shares the password he uses. buff.ly/3AqQL74

If you understand the likely steps of an attack, you can better protect your organisation. That's where the Cyber Kill Chain comes in. Mark Rose take a look at the Cyber Kill Chain and how it can be used to help improve your cybersecurity posture. buff.ly/3M251FL

Reporting isn't just a piece of paper or a pdf delivered at the end of a test, it's an ongoing process. See how we can tailor our reporting process to meet your specific needs and adapted to your ways of working. buff.ly/3Ab9XFE

Threat actors – who are they and what do they want from your organisation? Mark Rose takes a look at your technology stack, the threats and how you can improve your security posture - buff.ly/3XHdg15

We take a look at some of the most common, high-risk web application issues we identify throughout our testing. buff.ly/3MyNi9B

The CrowdStrike incident highlighted the importance of the digital supply chain & although not a hack, showed what could be done if a supplier were to be breached. So, how can organisations better secure their digital supply chain? We take a look: buff.ly/3tcepOJ

Are your cloud-based applications at heightened risk of cross-tenant attack? Paul Johnston discusses the issues and how you can go about creating a secure application architecture. buff.ly/3WsEpE1

Happy 4th of July to all our US clients, staff and friends!!!

Who is targeting your organisation? Mark Rose helps you get a clear picture of your technology stack, identify likely threat actors and ultimately, improve your cybersecurity posture. buff.ly/3XHdg15

Happy Birthday to us, Happy Birthday to us, Happy Birthday to Pentest, Happy Birthday to us!! 🎉 Pentest - 23 years old today! Here's to many more. Big thank you to everyone who has been involved in Pentest (past and present) for helping us get this far. 🙌

“I thought you were hackers. Surely you don’t need this?” Many clients are surprised when we ask for IPs to be whitelisted, creds to be provided or for access to source code for testing. There's a simple reason we ask, more info = more thorough testing. buff.ly/3PyD0bG

How secure are your web applications? We take a look at some of the common high-risk issues we find during our web app penetration testing - buff.ly/3MyNi9B

AI is all the rage & many organisations are starting to use AI technology to enhance their chatbots. But what security challenges do AI chatbots face? We outline some concerns & share practical steps to ensure your AI chatbots are as secure as possible. buff.ly/3Hxx8dL

[ZDI-24-087|CVE-2023-22817] (Pwn2Own) Western Digital MyCloud PR4100 RESTSDK Server-Side Request Forgery Vulnerability (CVSS 6.3; Credit: @_s_n_t of @pentestltd) zerodayinitiative.com/advisories/ZDI…

[ZDI-24-088|CVE-2023-22819] (Pwn2Own) Western Digital MyCloud PR4100 RESTSDK Uncontrolled Resource Consumption Denial-of-Service Vulnerability (CVSS 5.3; Credit: @_s_n_t of @pentestltd) zerodayinitiative.com/advisories/ZDI…

The web-based AI chatbots are coming!! 🤖 🤖 But what are the security challenges they face and how do you go about protecting them from threats, as well as the risk of manipulation and misuse. Michael Minchinton gives his security insights. buff.ly/3Hxx8dL