If you missed the PtaaS Exchange in person, join us virtually to learn how to improve your security program in 2023.

Pentester Guides (7)

Pentest Workflow — Leveraging Community-Powered Tools

As a pentester, I like to look for ways to leverage automation so I can focus my efforts on bugs that are hard to...
Apr 14, 2020
Est Read Time: 3 min

Anatomy of Authentication Tests

Introduction Authentication, as OWASP states, is the process of verifying that an individual, entity, or website is who...
Mar 5, 2020
Est Read Time: 4 min

The Anatomy of Deserialization Attacks

What is Deserialization? Serialization is the process of turning some object into a data format that can be restored...
Jan 23, 2020
Est Read Time: 7 min

Understanding the Anatomy of an Attack

Notable, high-impact security breaches sadly make regular headlines. You might be tempted to dismiss the latest as just...
Nov 21, 2019
Est Read Time: 9 min

How to Scope a Network Penetration Test: Tips from an Expert Pentester

During a network pentest engagement, time is of the essence. A pentester has a fixed amount of time, typically two...
Oct 3, 2019
Est Read Time: 4 min

A Pentester’s Favorite Vulnerability Scanning Tools

It’s important to note that a vulnerability scan is not a pentest. Automation isn’t a bad thing, it’s actually...
Sep 27, 2019
Est Read Time: 3 min

Is Your Serverless App Secure?

In the past few months, I’ve hosted several sessions on serverless security for serverless developers and DevOps folks....
Aug 6, 2019
Est Read Time: 4 min

How customer collaboration during a pentest can lead to finding a Remote Code Execution (RCE)

I was asked to share a blog post about a Remote Code Execution vulnerability that I identified in a past pentest....
Apr 9, 2019
Est Read Time: 2 min

From SSRF to Port Scanner

How to convert a SSRF vulnerability into a Port Scanner
Mar 18, 2019
Est Read Time: 4 min
    4 5 6 7 8