
    AppSec Labs

    Hacking

    AI-Driven Penetration Testing For Evolving Threats: A CISO Guide

    January 11, 2026 AppSec Labs

    Cyber threats don’t wait for next quarter’s test cycle. Verizon DBIR 2025 coverage shows attackers exploit vulnerabilities in about 5 days on average, while organizations take a median of 32 days to fully remediate key edge and VPN issues, which leaves a dangerous exposure gap. AI-Driven Penetration Testing blends smart automation with expert validation, and […]

    White Box Testing

    Beyond the Password: Advanced Authentication Testing Techniques for Modern Applications

    July 3, 2025 AppSec Labs

    Why Authentication Needs to Evolve: In today’s threat landscape, relying solely on usernames and passwords is no longer sufficient to protect sensitive systems. Authentication mechanisms have become increasingly complex, driven by the need to support Single Page Applications (SPAs), mobile-first platforms, third-party integrations, and hybrid cloud environments. While this evolution has brought greater user convenience, […]

    Web Services Testing
    White Box Testing

    Web Services Testing: Safeguarding Your Web Applications Against XXE Attacks

    June 8, 2025 AppSec Labs

    As organizations increasingly rely on web services, particularly SOAP-based services, ensuring robust security through meticulous Web Services Testing has become critical. One common and significant vulnerability in these services is XML External Entity (XXE) Injection. This guide will demonstrate how comprehensive Web Services Testing can identify and mitigate such risks. What is XML External Entity […]

    Software Security Testing
    White Box Testing

    The Ultimate Guide to Securing Applications Through Software Security Testing

    June 8, 2025 AppSec Labs

    Software application security testing is essential in safeguarding applications against vulnerabilities and potential cyber-attacks. With increasing threats, ensuring the security of applications through thorough testing is crucial for protecting sensitive data and maintaining user trust. Common Types of Software Security Hacks and Vulnerabilities: 1. Injection Attacks: Injection attacks involve inserting malicious code into applications, often […]

    Brute Force

    Hacking Android Apps Through Exposed Components

    December 25, 2024 AppSec Labs

    by Tal Melamed. In almost every Android application, developers expose activities without sufficient protections. Exposing activities can lead to various attacks. For example, an attacker, or a malicious app installed on the same device, can call those exposed activities to invoke internal pages of the application. Calling internal pages puts the application at risk of […]

    Brute Force

    Cryptography as a Solution – Using Advanced Techniques for Data Protection

    December 24, 2024 AppSec Labs

    Introduction to Data Protection: In the world of information security it is highly advised to implement security solutions in layers. Solutions such as authentication, authorization, input validation and others help us maintain order and security when dealing with access to data. It is important to note that these techniques do not help with the data […]

    Brute Force

    Secure Development Lifecycle for Open Source Usage

    December 24, 2024 AppSec Labs

    by Yaron Hakon. Preface: How do we adjust the SDL (Security Development Lifecycle) process for the growing use of open source in internal/external systems we develop and maintain? This is a question I hear a lot lately from our customers in some recent SDL projects we […]

    Hacking

    Firebase Applications – The Untold Attack Surface

    September 14, 2020 AppSec Labs

    Introduction: In this blog post, we will review some of the basic components of a Firebase application from a security perspective and talk about common issues that don’t get enough attention. What is Firebase? Firebase is a complete backend as a service with many different features that we can plug straight into our applications. For example: There […]

    Hacking

    Understanding the Android clearTextTrafficPermitted Flag

    June 15, 2020 AppSec Labs

    Introduction: The cleartextTrafficPermitted flag is one of the options in Android’s Network Security Configuration file. The online documentation (https://developer.android.com/training/articles/security-config) explains that from Android 9 (API level 28) and higher, it will be set by default to false and it is intended to prevent insecure communication attempts using clear-text HTTP originating from Android applications. OK, so what does this […]

    Hacking

    A Taxonomy on Brute Force Attacks

    May 8, 2017 AppSec Labs

    A brute force attack is a well-known technique of trial and error attempts used by attackers to gain access to unauthorized data. It can be leveraged against servers as an online attack and also against files as a local attack. The common denominator of all these types is that the same pattern is almost always […]
