
Cybersecurity Insights

David Kirkpatrick

You are the Weakest Link … Goodbye!

16/03/18 16:31

Historically, customers have used penetration testing to test the security of their infrastructure from an external or internal perspective. For a long time, this has been the ‘de facto’ standard to test for security vulnerabilities. However, we (penetration testers) have been aware for quite some time that this is not the full story.

Zacharias Pigadas

Introducing: XOR-Based SQL Injection

25/10/17 10:27

Having such an exposure to application-related testing means we have seen our share of vulnerabilities. These range across different categories, attempts at mitigation, good practices, bad practices, the full monty. Every once in a while, a vulnerability appears whose exploitation makes you scratch your head, scream at the computer screen, or just walk away in the hopes that the solution will present itself the next morning.

Paul Taylor

Responsible Disclosure of Zero-Day Vulnerabilities Discovered in NfSen and AlienVault OSSIM

25/09/17 12:09

Part 1 of 2 – Introduction and Background

NfSen is an open source netflow data capture and analysis module which can be used as a standalone product, and is also integrated into AlienVault’s USM/OSSIM security monitoring software.

During a penetration testing engagement for one of our clients, Foregenix discovered a zero-day vulnerability in NfSen. The zero-day allowed remote code execution as root, resulting in a total server compromise.

Zacharias Pigadas

Getting The Most Out Of Your Web Application Penetration Test

08/09/17 15:45

The purpose of this post is to help clients better prepare for, digest and act upon the results of a web application penetration test.

Zacharias Pigadas

How Your Cyber Security Efforts Can Turn Into Security Nightmares

27/07/17 10:09

A short (and fairly common) story of how quick and dirty initiatives to deal with security weaknesses can actually land you in an ordeal of problems and eventually get your systems compromised.
