0-Day Vulnerability Identified In Java Spring Framework - CVE-2022-22965 (Spring4Shell)

A Code Injection attack is a scenario whereby a malicious actor can input code into a vulnerable application which is then read and...

Application-level attacks are those attacks that exploit weaknesses with a program itself rather than its underlying infrastructure. A...

Fingerprinting (also known as footprinting) is the process of enumerating a target online presence, often the first step when planning an...

Firewall cyber security definition A firewall is a network security device. A firewall is typically placed between security boundaries,...

API testing is a focused area of penetration testing, looking specifically at the APIs that allow intercommunication between systems....

An application penetration test is a focused engagement against a specific application. Its aim is to find application-level attacks and...

Intrusive Penetration Testing is Penetration Testing where the risk of potential system impact or outage is not mitigated. For example,...

Many people in a home or work environment these days have laptops and mobile phones which need to connect to the internet via a wireless...

Although Microsoft 365 has many built-in security features which can make the environment safe against attackers, this relies heavily on...

Penetration Testing as a Service (PTaaS), which is more commonly shortened to ‘Pen Test as a Service’ is the delivery of penetration...

Software/Secure/System Development Life-Cycle (SDLC) is a framework that defines key milestones during the development life cycle which...

Fuzzing is a method of testing areas that accept user input whether intended or unintended. It involves presenting the input area with a...

Sniffing is the technique or process of capturing (sniffing) data packets over a network. It is historically related to the harvesting of...

What is DNS? DNS or Domain Naming System is a fundamental component of modern-day networking. DNS can be likened to a phone book...

What is the difference between DevOps and DevSecOps? Development Operations (DevOps) and Development Security Operations (DevSecOps)...

Session hijacking is an attack that consists of exploiting the web applications users' session control in order to impersonate other...

What types of penetration testing do retail stores need? The types of penetration testing that retail stores need will directly be linked...

What is malicious code and what can it do? Malicious code usually performs actions against the user’s interest. This might be for example...

What are the prerequisites for doing CEH certification CEH or Certified Ethical Hacker (EC-Council) has a recommended requirement of two...