PNPT: Certification Review
Daniel Pizarro // What is the PNPT? The Practical Network Penetration Tester (PNPT), created by TCM Security (TCMS), is a 5-day ethical hacking certification exam that assesses a pentester’s ability […]
Web App
Forward into 2023: Browser and O/S Security Features
Joff Thyer // Introduction We have already arrived at the end of 2022; wow, that was fast. As with any industry or aspect of life, we find ourselves peering into […]
Lessons Learned While Pentesting GraphQL
Sean Verity // GraphQL is one of those technologies that I heard about several years ago but had not encountered during an actual pentest. After reading a blog or two, […]
For Web Content Discovery, Who You Gonna Call? Gobuster!
Melissa Bruno // One of the best early steps to take when testing a network, especially a large one, is to run the tool EyeWitness to gain a quick understanding […]
Web App Pen Testing in an Angular Context
Joff Thyer // If you are a fan of web application pen testing, you have been spoiled with a lot of easy pickings over the years. We all love our […]
How To Rotate Your Source IP Address
Darin Roberts// IP-Go-Round – Source IP Rotation I was on an engagement recently that was blocking my password sprays based on my IP address. If I made 3 incorrect requests […]
CORS Lite
Dakota Nelson// Cross Origin Request Sharing (CORS) is complicated, and that complexity creates a lot of places where security vulnerabilities can sneak in. This article will give you a “lite” […]
WEBCAST: Web App Assessments for Non-Majors
BB King // BB King looks at testing modern web apps in that “enterprise environment” so many of us inhabit. Taking the perspective of the Lonely Application Security Person in […]
When Infosec and Weed Collide: Handling Administrative Actions Safely
BB King//* The state of Ohio recently validated a webapp pentest finding that sometimes goes overlooked. It relates to the details of administrative functions, how they can be abused, and […]