Blog

Stay updated with the latest offensive security news, knowledge, and resources.

Latest Resources

Attack Surface Management: Key Functions, Tools, and Best Practices
Oct 02, 2024 Sprocket Security

As organizations grow and adopt new technologies, their attack surface expands, creating more opportunities for cyber threats. Attack Surface Management (ASM) is crucial for identifying and securing both digital and physical entry points that could be exploited. This article explores the key functions of ASM, including asset discovery, vulnerability analysis, and continuous monitoring, while highlighting best practices for maintaining a...

Large Language Model (LLM) Security Testing: Types, Techniques, and Methodology
Oct 01, 2024 Sprocket Security

Get ready to learn the importance of LLM (Large Language Model) security testing, a vital process for identifying vulnerabilities in AI models, especially those integrated into web applications. The need for early detection of potential risks like unauthorized data access, prompt injection attacks, and remote code execution is more crucial than ever.

Social Engineering Penetration Testing: A Practical Guide
Sep 27, 2024 Sprocket Security

Social engineering penetration testing evaluates how susceptible an organization is to deception-based attacks targeting human vulnerabilities rather than technical systems. By simulating real-world social engineering tactics like phishing, pretexting, and physical infiltration, it assesses how well employees can detect and respond to such threats. This testing highlights the need for improved security training and protocols to protect sensitive information from...

Ahead of the Breach - Jack Leidecker, CISO at Gong
Sep 24, 2024 Sprocket Security

The Ahead of the Breach Podcast sits down with Jack Leidecker, CISO at Gong, to discuss the importance of proactive cybersecurity measures and building effective security programs from scratch.

WebQL: Using CodeQL To Conduct JavaScript Security Analysis Against Modern Web Applications
Sep 23, 2024 Nate Fair

Introducing WebQL, an automated JavaScript analysis tool that leverages CodeQL to identify and exploit vulnerabilities in modern web applications like SPAs and PWAs. By automating the extraction, beautification, and analysis of client-side code, WebQL enhances penetration testing by uncovering security issues obscured by modern development practices.

I’m sick of 1000-line Python scripts.
Sep 20, 2024 Nicholas Anastasi

This blog introduces snickerdoodle, a customized Cookiecutter template designed to help penetration testers quickly create and share complex CLI tools. By automating project setup with features like pre-configured CLI interfaces, Rich logging, and integrated dependency management using Poetry, Snickerdoodle allows security professionals to focus on coding rather than boilerplate setup.