- Penetration testing
- Tools and techniques
The Overlooked Control: Cache-Control in Mobile App Security
In the realm of mobile application development, attention often gravitates towards high-profile security vulnerabilities like SQL injection, business logic flaws, or weak access controls. However, one crucial aspect that often slips under the radar is the proper implementation of cache-control settings, especially when handling Network API requests. While seemingly innocuous, neglecting cache control can open a Pandora's box of security risks, a fact often overshadowed by more sensational security findings.
"Assumed Compromise" Assessments: A Guide
In red teaming, defining the business objectives early is essential to getting the best value from the exercise. Each attack simulation involves a bespoke scoping exercise, and it is during scoping that we discuss different ways of potentially achieving the desired business objectives and the pros and cons of each.
- Penetration testing
- Red teaming
- Tools and techniques
Avoiding Microsoft OneNote attachments spreading malware on your network
OneNote is note-taking software developed by Microsoft and included in the default Office suite bundle. In recent years, OneNote files have become popular channels for attackers to distribute malware, given their common installation and Microsoft's organisational measures to block macros from running in Excel and Word.