Sep 11, 2019 | Cybersecurity, Millennials, Penetration Testing, Risk Management, System Security, Vulnerabilities
Andrew Plato, CEO & Founder of Anitian, recently sat down with podcast host David “Ledge” Ledgerwood from Gun.io to discuss accidentally finding SQL attacks, gaining his deep appreciation for security, and how the combination of both inspired him to start his own...
Oct 13, 2018 | Application Security, Vulnerabilities, Vulnerability Management, Vulnerability Research
Exploiting a SAML Implementation During a recent web application test, I discovered a bug in a Security Assertion Markup Language (SAML) implementation. This bug involved an insecure implementation of a SAML feature combined with a custom authentication mechanism our...
Apr 2, 2018 | Application Security, Penetration Testing, Vulnerabilities
Welcome to Part 2 of this 2-part blog series looking at the details of exploring and validating an exploit! If you liked this series, I bet you’d be interested in our webinar on How to Think Like A Hacker, check it out! Now on to Part 2: Taking it to the Next...
Mar 27, 2018 | Application Security, Penetration Testing, Vulnerabilities
A Study in Exploit Development: Easychat SEH exploit A typical penetration test involves automated scanning to identify vulnerabilities, followed by a more manual testing process where the tester attempts to validate and exploit those vulnerabilities. Many times, we...
Jan 24, 2018 | Risk Management, Security Analytics, Vulnerabilities
It has been a few weeks since security researchers discovered that nearly every processor on earth is vulnerable to Meltdown and Spectre vulnerabilities. Panic is spreading. We agree that this is a serious set of vulnerabilities. But, no need to panic. We got this....
Aug 20, 2015 | Vulnerabilities, Vulnerability Research
During the course of a web application test, occasionally our automated tools will miss a serious vulnerability. Cross-Site Request Forgery is one of these vulnerabilities that our scanners sometimes miss. You can read more about CSRF here. This is why it is so...
