Articles

Penetration Testing: how often should you test?

The truth is, it’s very unlikely you’ll even get a strong answer from an organisation as to how frequently you should test. Even organisations like the NCSC, who offer guidance to UK businesses on how to stay secure, don’t give a direct answer to the question. However, they may comment ...

Selecting a PenTest Provider – Making a Good Decision

Choosing a PenTesting provider can be difficult: how do you know whether they are good at what they do, and whether they will make working together easy? Perhaps you have a provider already, but they have not lived up to your expectations. Since choosing a testing provider is a critical part of your cybersecurity ...

Sweet32

Sweet32 describes a birthday attack on 64-bit block ciphers. The attack has been demonstrated against both 3DES and Blowfish, and against both VPN and HTTPS traffic. It allows an attacker who can perform an interception (man-in-the-middle) attack to decrypt small amounts of ciphertext, such as session tokens and other ...

How Can I Turn PenTesting from a Cost into a Competitive Advantage?

Regular penetration testing (often annual) carried out by experienced professional testers can seem expensive, and in these times, when every penny counts, it's easy to make the mistake of thinking that pen testing is poor value. However, the truth is that pen testing used as part of a comprehensive ...

Penetration Testing: how do you get the most from your budget?

Ok, we get it: everyone is under pressure to squeeze every penny of value from any company expenditure nowadays. No one has any slack in the budget, and it's always time to sweat the suppliers. So, how can you obtain the best value from your Penetration Testing spend? Here at Akimbo ...

Padding Oracle On Downgraded Legacy Encryption (POODLE)

Padding Oracle On Downgraded Legacy Encryption (POODLE) is an attack against SSLv3.0. It exploits two aspects of SSLv3.0. The first is that an attacker performing an interception attack can modify network traffic between a client and server, downgrading the connection to SSLv3.0. The second is a padding oracle issue ...

CBC-mode Ciphers

The use of Cipher Block Chaining (CBC) mode ciphers is "discouraged". This term is used because these cipher suites have not been formally deprecated but have effectively been superseded. For example, later versions of Transport Layer Security support more secure cipher modes such as Galois/Counter Mode (GCM) ciphers. Additionally, ...

Lucky 13

Lucky 13 is a padding oracle vulnerability against CBC-mode ciphers in TLS that uses a timing side-channel. The issue stems from the SSL/TLS specification itself rather than from any one implementation; however, implementations can harden against it and prevent exploitation by removing ...

Browser Exploit Against SSL/TLS (BEAST)

BEAST is an attack that exploits several weaknesses in Transport Layer Security (TLS) 1.0 and the older SSL protocols when a CBC-mode cipher is in use. The flaw is not strictly a defect in the TLS protocol logic itself, but a known weakness of Cipher Block Chaining (CBC) when used with predictable (chained) initialisation vectors, as TLS 1.0 and earlier do. Although fixed in TLSv1.1 ...
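The Sweet32, POODLE, CBC-mode, Lucky 13 and BEAST entries above each describe a weakness that shows up in a server's supported protocol/cipher-suite pairs. As an added example (not code from this page or from Akimbo), the script below maps such pairs to the attacks they expose, and works the Sweet32 birthday bound for 64-bit versus 128-bit blocks. It assumes OpenSSL cipher-suite naming; the scan results it classifies are constructed for illustration, not captured from a real host.

```python
"""Added example (not part of the original page): classify a server's
(protocol, cipher suite) pairs against the legacy attacks described above.
Cipher names follow OpenSSL conventions; the scan results below are
constructed, not captured from a real host."""
import math
import re

# 64-bit block ciphers as they appear in OpenSSL suite names (Sweet32 targets).
BLOCK64 = {"DES", "BF", "IDEA", "RC2"}


def birthday_blocks(block_bits: int, p: float = 0.5) -> int:
    """Blocks encrypted under one key before a block collision is seen with
    probability p (generic birthday bound: sqrt(2 * 2^n * ln(1/(1-p))))."""
    space = 2.0 ** block_bits
    return math.ceil(math.sqrt(2.0 * space * math.log(1.0 / (1.0 - p))))


def birthday_bytes(block_bits: int, p: float = 0.5) -> int:
    """The same bound as plaintext volume, which is what an attacker must
    capture on a single long-lived connection."""
    return birthday_blocks(block_bits, p) * (block_bits // 8)


def cipher_mode(cipher: str) -> str:
    """Return 'AEAD', 'STREAM', 'NULL' or 'CBC' for an OpenSSL cipher name.
    OpenSSL omits 'CBC' from most names (e.g. AES128-SHA), so CBC is the
    default once AEAD and stream ciphers are ruled out."""
    tokens = set(re.split(r"[-_]", cipher.upper()))
    if "GCM" in tokens or "CHACHA20" in tokens or any(t.startswith("CCM") for t in tokens):
        return "AEAD"
    if "RC4" in tokens:
        return "STREAM"
    if "NULL" in tokens:
        return "NULL"
    return "CBC"


def assess(protocol: str, cipher: str) -> list:
    """Attacks that apply to a protocol/cipher pair (empty list = clean)."""
    tokens = set(re.split(r"[-_]", cipher.upper()))
    mode = cipher_mode(cipher)
    findings = []
    if protocol == "SSLv3" and mode == "CBC":
        findings.append("POODLE")    # SSLv3 does not check CBC padding bytes
    if tokens & BLOCK64:
        findings.append("Sweet32")   # 64-bit block: collisions after ~2^32 blocks
    if mode == "CBC":
        findings.append("Lucky13")   # MAC-then-encrypt CBC timing oracle, any TLS version
        if protocol in ("SSLv3", "TLSv1"):
            findings.append("BEAST")  # chained IVs make the CBC IV predictable
    return findings


def scan_report(results):
    """Map each (protocol, cipher) pair to its findings, skipping clean ones."""
    report = {}
    for protocol, cipher in results:
        findings = assess(protocol, cipher)
        if findings:
            report[(protocol, cipher)] = findings
    return report


# Constructed scan output, shaped like a protocol/cipher enumeration from a
# TLS scanner; not captured from any real host.
SAMPLE_SCAN = [
    ("SSLv3",   "DES-CBC3-SHA"),
    ("TLSv1",   "AES128-SHA"),
    ("TLSv1.2", "ECDHE-RSA-DES-CBC3-SHA"),
    ("TLSv1.2", "ECDHE-RSA-AES256-SHA384"),
    ("TLSv1.2", "ECDHE-RSA-AES128-GCM-SHA256"),
    ("TLSv1.3", "TLS_AES_256_GCM_SHA384"),
]

if __name__ == "__main__":
    for bits in (64, 128):
        print(f"{bits}-bit block: ~{birthday_blocks(bits):.3e} blocks "
              f"(~{birthday_bytes(bits) / 2**30:.1f} GiB) for a 50% collision")
    for pair, findings in scan_report(SAMPLE_SCAN).items():
        print(f"{pair[0]:8} {pair[1]:32} {', '.join(findings)}")
```

Running it shows why the 64-bit block size matters: a 50% collision chance arrives after roughly 2^32 blocks (tens of gigabytes on one connection, which is reachable for a long-lived VPN or HTTPS session), whereas AES's 128-bit block pushes the same bound past 2^64 blocks. The classifier treats every non-AEAD, non-stream suite as CBC, which matches OpenSSL naming but should be checked against the scanner's own cipher details before being used on other tools' output.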
