This article presents a thorough mobile app penetration‑testing guide covering objectives, scope, testing methods, step‑by‑step workflow, recommended tools, reporting structure, and remediation advice to help developers and security professionals secure their applications.
A joint study by Wiz and Irregular pits leading LLM agents against a senior pentester across ten real‑world vulnerability scenarios, revealing that AI can breach nine targets at under $10 per attack yet still lags in tool usage, creative reasoning, and prioritisation, offering crucial insights for security professionals.
The author details a step‑by‑step security assessment of an EDU certificate platform, revealing edge asset discovery, unauthorized .map file leakage, arbitrary file download and upload, path‑traversal flaws, and credential exposure via Bash history, culminating in high‑severity findings.
The article compares penetration testing and internet exposure surface detection, outlining their definitions, processes, tools, typical use cases, distinct goals and methodologies, and recommends combining both for a comprehensive security assessment.
As open‑source large language model tools like Ollama, OpenWebUI and ComfyUI gain popularity, numerous security flaws such as unauthenticated APIs, CVE‑exploits, model theft and remote code execution emerge, prompting the development of AI‑Infra‑Guard—a lightweight, cross‑platform scanner that identifies over 30 component vulnerabilities and offers both web UI and CLI modes for rapid risk assessment.
This article outlines a thorough mobile application security testing methodology, covering installation package verification, code obfuscation checks, signature validation, integrity and permission audits, sensitive data handling, keyboard hijacking, account protection, communication encryption, component exposure, and server-side vulnerability assessments such as SQL injection and CSRF.
Web application penetration testing is a systematic security assessment that identifies vulnerabilities such as SQL injection, XSS, CSRF, insecure authentication, and file‑upload flaws, using methods ranging from black‑box to manual testing, and follows best practices like OWASP guidelines to protect data, privacy, and system integrity.
This article explains how to identify and exploit MyBatis‑based SQL injection vulnerabilities by examining XML and annotation mappings, covering common pitfalls such as fuzzy queries, IN clauses, and ORDER BY, and provides a step‑by‑step practical analysis using a real open‑source CMS project.
The article documents a step‑by‑step security investigation of a QQ phishing site, detailing its fake login page, POST endpoint, Python‑based credential flooding, network reconnaissance, port scanning, vulnerability scanning, and discovery of the backend control panel, while discussing the challenges of XSS and brute‑force attacks.
This article explains the importance of security testing, outlines where to start, and details a step‑by‑step security testing workflow covering requirement analysis, static code scanning, third‑party component checks, data masking, permission checks, XSS, SQL injection, privilege escalation, file upload/download, server port scanning, and business‑specific test cases.
This article provides an in‑depth overview of security testing, covering its definition, lifecycle, test types, a wide range of scanning and injection tools, practical checklists, evaluation metrics, and recommendations for integrating security assessments throughout the software development process.
