Articles

HTTP Security Headers: X-Frame-Options

The X-Frame-Options header can be used to specify whether a web browser should be allowed to render the target page in a frame (such as a frame, iframe, embed, or an object tag). This can be used to prevent attacks such as ClickJacking. Although this header is effectively made obsolete by the Content-Security-Policy (CSP) feature frame-ancestors, it can ...

HTTP Security Headers: Cache-Control

The Cache-Control HTTP server response header specifies whether the server response can be cached by the web browser and any interim devices such as web proxies. Generally, if the content of the page includes confidential information, then it should not be cached, as if confidential information is cached on a user’s device, and ...

[Webinar] Your System Hardening Sucks

Akimbo hosted a Webinar to cover hints and tips about how to implement effective system hardening. We’re sharing the recording for those that couldn’t make it on the day! If you’d like more information about any of the content covered, or if you’d like to discuss a training requirement then ...

The OWASP Top 10 2021

OWASP, or the Open Web Application Security Project, is a non-profit organisation that produces a range of articles, tools, and other resources on security topics, including web application, API, and mobile application security issues. It also produces the “OWASP Top 10”, an awareness document that is ...

ScotSoft: Building and Breaking Web Applications

On October 7th I had the pleasure of speaking at ScotSoft 2021 about Penetration Testing and breaking Web Applications. I’ve included my slides from the presentation and some speaker notes on the content covered below: For this presentation, I opened with my working definition of what Penetration Testing is, to ...

What is Penetration Testing?

Penetration Testing, often abbreviated to PenTesting, is a method of testing the security of a system through attempting to discover and actively exploit vulnerabilities within the system. It is amongst the most effective methods of determining the actual risk posed by a system. This is due to the fact that ...

An Introduction to Logic Analyzers

Logic Analyzers are inexpensive devices that allow you to just take a look at what a small number of pins on a chip are up to. They can be hooked into software like PulseView to read pin output and decode it into something more useful. Many decoders are available, but ...

Introduction to Radio Hacking

In my introduction to hardware hacking, I mention that radio systems may be part of the attack surface for a hardware device penetration test. So I thought I’d give a gentle introduction to hacking with an SDR here! Firstly, what’s an SDR? It stands for software-defined radio, and refers to ...

Calculating Subnets and CIDR Quickly

A friend of mine mentioned recently that he has to work out subnet masks in his head for an exam and commented in reality he’d just use a subnet calculator. Whilst this is probably true, there’s a quick trick that might help if you’re calculating subnets under duress. This isn’t ...
