Cheltenham, UK
Jun 27, 2023   |  By James Drew
This is the second article in our Application Security 101 mini-series. Read our first blog on how to configure HTTP response headers with security best practices. This time we’re going to discuss another misconfiguration that we often find during website penetration testing. This is not necessarily a ‘vulnerability’; however, information disclosure via HTTP response headers can reveal the exact version of the web server or web technologies in use on the underlying host.
Nov 4, 2022   |  By Adam King
As digital business becomes more widespread, the need to ensure data security increases. One way to test its effectiveness is through penetration testing. Penetration tests are performed by ‘ethical hackers’ who attempt to gain access to systems and data to find vulnerabilities. By doing so, businesses can then take steps to mitigate these risks. Companies should consider penetration testing as an essential part of their overall security strategy.
Oct 24, 2022   |  By Phil Condon
Phishing attacks have been increasing rapidly year on year, and surged as a result of COVID-19. Research shows that 96% of phishing attacks are sent by email. A common technique used in these attacks is to impersonate well-known or trusted brands to entice users to open links and attachments. One way to achieve this is to “spoof” the email address that is shown to users in their email client.
Jul 19, 2022   |  By Phil Condon
This article provides a breakdown of the most important Terraform security best practices to consider when implementing an Infrastructure as Code (IaC) environment. Terraform is a highly popular IaC tool offering multi-cloud support. IaC means that infrastructure is deployed automatically and configured at scale, which has immediate benefits for efficiency and consistency.
Jun 8, 2022   |  By Adam King
This article provides a synopsis of the Follina exploit and simple steps you can take to mitigate this severe remote code execution vulnerability within Microsoft Support Diagnostic Tool (MSDT). This vulnerability is triggered via common Windows applications such as Microsoft Word and is being actively exploited by known hacking groups.
Jan 20, 2022   |  By Tim
This article is the first in a series that will discuss some of the most common issues with HTTP security headers, which are often relatively easy to implement and can have a significant impact on the overall security posture of your application. We’ve previously talked about the proactive and reactive styles of application development and security testing. In this article, we discuss HTTP headers, which are a common source of misconfiguration.
Nov 24, 2021   |  By Tim
Exchange admins now have another exploit to deal with despite still reeling from a number of high profile attacks this year including ProxyLogon and ProxyShell. A new high severity Remote Code Execution (RCE) exploit for on-premise Exchange Servers has been published and is being actively exploited in the wild.
Nov 10, 2021   |  By Tim
We’ve recently discussed application security and the trend we’re seeing in which companies are increasingly implementing security early on in the Software Development Life Cycle (SDLC). In our blog post exploring the impact of adopting application security, we described a common scenario involving assessing an application that was ready for release. Through the assessment, critical vulnerabilities were identified, such as an SQL injection, close to the go-live deadline.
Oct 27, 2021   |  By Tim
There is a movement in the IT security world that is gaining traction, and it is based around the implementation of security within applications from the beginning. You may have heard buzzwords like “AppSec”, “DevSecOps” and “Shift Left”, but what do they actually mean? What does it take to “Shift Left” when developing a secure application? You can read about dealing with dependencies in our blog post.
Oct 20, 2021   |  By Tim
The adoption of agile practices has resulted in the emergence of shift-left testing, where testing is performed much earlier in the Software Development Life Cycle (SDLC). Traditional waterfall models performed testing to the right of, or following, development. The benefits of testing earlier and more often cannot be overstated. However, where does this leave security and security testing?

Sentrium is a CREST-Approved cyber security consultancy, powered by a combination of extensive business and technical expertise that provides you with the services you need to reduce your risk.

We are committed to global cyber security advancement, equipping businesses around the world with the awareness of their technical environment so they can be secure in the ever-changing threat landscape.

Our transparent, consultative approach reaches further into your organisation’s security posture to achieve impactful, valuable results.

  • Application: Protect sensitive information stored in your web and mobile applications by meticulously identifying vulnerabilities and recommending remediations before they can be exploited.
  • Cloud: Alleviate risks to your cloud security controls with rigorous analysis, assessment and recommendations that ensure the security of your cloud environment.
  • Infrastructure: Methodically target your technology’s security controls to uncover weaknesses in your technical environment and secure your network’s infrastructure.

Securing your technology, information and people.