Security Penetration Testing Blog

Security Best Practices for Start-ups
Mar 15, 2019 / Felix Brombacher

Security needs to be the number one priority for start-ups. Amazon CTO Werner Vogels stated at the Munich founder conference Bits & Pretzels why it is so important: “Without security, you have no business”.

What Exactly Is Cross-Site Scripting (XSS)?
/ René Milzarek

The number of serious vulnerabilities per web application is rising each year. Often developers also have to tackle vulnerabilities that they’ve never seen before. These Zero-Day attacks are why development teams need to proactively search for vulnerabilities within their web application before releasing new features to the public.

Why Continuous Delivery Is Important
Mar 13, 2019 / Felix Brombacher

Last week, I met a start-up that is working on cloud software. Within their team, they have no one with a tech background. The development of their software relies completely on two agencies.

KRACK: How Secure Is My Wifi?
Mar 11, 2019 / Felix Brombacher

A new attack on the WPA2 protocol, which is used to encrypt wifi connections, has been published just recently. The attack is something that has been around for over a decade!

Take The Cache To Get To Work — What Cybersecurity Flaws Like Spectre Mean To Web Applications From Non-Techy Viewpoint
Mar 10, 2019 / Felix Brombacher

Overall you and I are painfully aware of cybersecurity threats; however, business implications are sometimes blurry. That’s why I’d like to address the business impact of the Spectre and Meltdown attack in a bit more detail from the business point of view.

Multiple Values Access-Control-Allow-Origin
Mar 08, 2019 / Felix Brombacher

Enforcing security policies on web applications these days is ‘relatively easy’ by using the correct headers in HTTP responses. Take the following example of an application.

Who Likes The ROBOT?
Mar 07, 2019 / René Milzarek

The standard for encrypting web traffic just got a new famous vulnerability. In fact, the vulnerability is nothing really new: it is something from 1998 that reappeared. Cryptographer Daniel Bleichenbacher found the original vulnerability. Therefore, the new version is called “Return of Bleichenbacher’s Padding Oracle” — ROBOT.

Mar 06, 2019 / Felix Brombacher

As managing directors of an IT security company, we had to be present at the 34th Chaos Communication Congress to grasp new developments in the security sphere (and have some fun as well).

Does Chrome Hate Website Providers?
Mar 04, 2019 / Felix Brombacher

Over the last few days, there were multiple announcements about the Chrome browser and its new features, from an integrated ad-blocker to trust warnings on websites with no HTTPS encryption. But what is all the fuss really about?

7 Signs That Your Website Has Been Hacked
Mar 03, 2019 / Felix Brombacher

The times when hacking attacks were unusual and only happened to big companies are over. Hacking private and small or medium-sized companies has become a lucrative environment for many people with sufficient IT knowledge. That is why hacking is an issue facing almost everybody in the modern world. Often companies recognize the problem when it’s already too late, and valuable data (or even money) is lost. I want to show you how you can detect that your website has been hacked and what you can do to prevent such vulnerabilities.