
    Hacking

    Is Your AI Secure? The Dark Reality of LLM Vulnerabilities

    February 23, 2026 AppSec Labs

    Cyber attacks targeting large language model (LLM) based applications are increasing in both frequency and sophistication. Misconfigured chatbots, exposed APIs, and weak integrations with web, cloud, and mobile systems can quickly lead to data breaches, ransomware incidents, or service disruptions. To prevent these issues, organizations need focused cyber security services that understand how AI behaves […]

    Hacking

    Securing the Lifeline: A Guide to Medical Device Penetration Testing

    February 15, 2026 AppSec Labs

    Medical devices now sit at the center of hospital networks, cloud platforms, and mobile apps, which makes them attractive targets for cyber attackers. A successful attack can expose sensitive medical data, disrupt life critical treatments, and put healthcare providers at risk of regulatory penalties. This article explains why medical device penetration testing is vital, what […]

    Hacking

    AI-Driven Penetration Testing For Evolving Threats: A CISO Guide

    January 11, 2026 AppSec Labs

    Cyber threats don’t wait for next quarter’s test cycle. Verizon DBIR 2025 coverage shows attackers exploit vulnerabilities in about 5 days on average, while organizations take a median of 32 days to fully remediate key edge and VPN issues, which leaves a dangerous exposure gap. AI-Driven Penetration Testing blends smart automation with expert validation, and […]

    Black Box Testing, Hacking

    ReDoS

    December 29, 2024 Nathan Touati

    How a Simple Test Brought Down a Server. You sanitized your input fields for XSS? You might have opened a new door for attackers… Imagine this: you’re a developer at your company. After a penetration test, several issues were found in your app: some input fields have no limits on length or content. This leaves […]

    Black Box Testing, Brute Force, Hacking

    Sandwich Attacks: From Reset Password to Account Takeover

    December 18, 2024 Nathan Touati

    Once Upon a Password Reset… You’ve just forgotten your password for a website. No big deal, you click “Forgot Password,” they send you a link, and you reset it. At the time the feature was designed, it was decided that this reset link would include a UUID token. The reasoning seemed sound—since UUIDs are unique, […]

    Black Box Testing, Hacking

    Firestore Database – Black Box Security Testing Guide – Go Beyond *.firebaseio.com/.json

    October 9, 2022 Michael Yermakov

    Incentives. Firestore security is an important topic for modern applications. Its wide usage and serverless architecture can cause security issues in areas such as authentication, authorization, and data exposure. In particular, Firestore applications are exposed to data leaks, which may be caused by a non-serverless design approach. In a world of multi-tier applications, using a backend […]

    Black Box Testing, Hacking

    A Guide For Advanced Message Protected API Hacking Using Hackvertor and Burp (Part #2)

    November 16, 2021 Michael Yermakov

    More up-to-date Hackvertor game-changer techniques, code examples, and tips for advanced penetration testing and bug bounty. Intro. Hackvertor is a Burp extension that programmatically extends Burp’s capabilities by allowing you to embed code logic directly into HTTP requests sent or proxied by Burp and its extensions, similar to Postman pre-request scripts. Here, I will try to […]

    Black Box Testing, Hacking

    Advanced Testing Of Web Application With Custom Message Signing Using Hackvertor (Part #1)

    December 7, 2020 Michael Yermakov

    Introduction. Many of us have probably faced testing an application with custom HTTP request authentication or message signing. The requests from such applications can be proxied, but they have some form of built-in replay protection. As a result, it isn’t possible to resend these requests outside of the application, which makes all external […]

    Hacking

    Firebase Applications – The Untold Attack Surface

    September 14, 2020 AppSec Labs

    Introduction. In this blog post, we will review some of the basic components of a Firebase application from a security perspective and talk about common issues that don’t get enough attention. What is Firebase? Firebase is a complete backend-as-a-service with many different features that we can plug straight into our applications. For example: There […]

    Hacking

    Understanding the Android cleartextTrafficPermitted Flag

    June 15, 2020 AppSec Labs

    Introduction. The cleartextTrafficPermitted flag is one of the options in Android’s Network Security Configuration file. The online documentation (https://developer.android.com/training/articles/security-config) explains that from Android 9 (API level 28) and higher it is set to false by default, and that it is intended to prevent insecure communication attempts using clear-text HTTP originating from Android applications. OK, so what does this […]
