TL;DR The same JSON document can be parsed with different values across microservices, leading to a variety of potential security risks. If you... continue reading
What are the risks associated with overly permissive pod creation in Kubernetes? The answer varies based on which of the host’s namespaces and... continue reading
I'm excited to announce some new features that have been added to RMIScout. RMIScout is a tool to perform wordlist and brute-force attacks against... continue reading
In this article, we are going to discuss a variety of security risks to GraphQL deployments and migrations that we’ve seen during our client... continue reading
Whether you are migrating an on-premise deployment to a cloud provider, tasked with deploying a new cloud-hosted application, or looking to improve... continue reading
The revival of HTTP request smuggling has led to devastating vulnerabilities in our modern application deployments. An HTTP request smuggled past... continue reading
As the old joke goes, the ‘S’ in “IoT” stands for security. While (Internet of) Things can vary wildly in design robustness and overall security,... continue reading
In recent years, embedded device security has made its way into the public consciousness as attackers target the now ubiquitous smart devices in... continue reading
Java Remote Method Invocation (RMI) is a Java API that performs remote procedure calls and allows a client application to access or invoke the... continue reading
Apr 9, 2020 8:57:39 AM | By Greg Mortensen & Joe Sechman
INTRODUCTION When it comes to pen testing projects, precisely identifying a target’s underlying technologies is trivial. Accurately identifying... continue reading