Web Application Risks: SQL Injection

Welcome to the second of five posts on the top vulnerabilities found in vendor and bespoke web applications. Here, InfoSec Pro Kai Stimpson focuses on the second most common vulnerability we encounter – SQL Injection. You can catch the first post on broken authentication here.

What is SQL injection?

SQL (Structured Query Language) injection is a technique used for attacking data-driven apps. Despite having been around for nearly 20 years, it continues to pose a …
Web Application Risks: Broken Authentication

Welcome to the first of five posts addressing the typical vulnerabilities found in web applications. Here, Perspective Risk’s Senior Security Consultant Kai Stimpson looks at broken authentication and how to prevent it. Neglecting to incorporate a robust authentication solution into your web app can lead to a threat actor gaining unauthorised access to it, compromising the confidentiality of your users’ data.

Common Pitfalls in Web App Authentication Solutions

When performing an in-depth …
Perspective Risk stand out in the field of penetration testing because they understand the importance of security risks and are able to map them to the domain in which their client is operating. Perspective Risk take penetration testing to the next level, using real people to test systems and interpret the results. Project: Mobile and Application Penetration Testing
Matthew Byrne provided some great advice and showed great insight and knowledge about security aspects and vulnerabilities across our environment. Very pleased with his efforts and advice given throughout the engagement. Project: Pan Government Accreditation IT Health Check and Penetration Test
Great communication with the team during testing – highly collaborative while maintaining rigorous testing criteria. The fast turnaround of the report was greatly appreciated given the tight timescales for the project. Project: IT Health Check and Penetration Test
With a growing web development team coding in a fast paced environment, it was important for us to get an expert third party security firm in to carry out a web security review. Perspective Risk provided the independent review we needed. Project: Application Penetration Test
Zia Rehman came to TNA to carry out an ITHC in September and all of the staff he worked with, including myself, were really impressed with his skill and knowledge and how well he got on with everyone and how he made the whole process very straightforward whilst achieving a great deal of work. Project: IT Health Check and Penetration Test
There are a lot of excellent SQL injection cheat sheets out there; however, I found the majority provide only the components of a SQL injection rather than an entire, working string. As a result, successfully putting a valid query together can take some trial and error and waste precious time. I have thus attempted to create a list of pre-made strings for each type of SQL injection so that they can simply be pasted in with little modification. …
When encountering a Cross-Site Scripting (XSS) flaw, it is standard practice for a penetration tester to inject:

<script>alert(document.cookie)</script>

Which will pop up an alert box displaying their cookie. A screenshot of this, accompanied by a description of a hypothetical attack scenario, such as “an attacker could exploit this to redirect users to a malicious site” or “an attacker could leverage this to harvest login credentials”, will then form the evidence and consequences of the issue in the …
Hello and welcome to the new Perspective Risk blog! I thought I’d begin with a series of posts on Cross Site Scripting (XSS) as this is an area of web security I’m particularly interested in. We’re going to start with the very basics, by taking a look at what XSS actually is and the three different varieties of it.

XSS

Cross Site Scripting (XSS) attacks occur when a website fails to properly prevent attackers from inserting malicious code …
We are Perspective Risk
Information security is crucial to every aspect of your business – operational efficiency, profitability, business continuity, customer confidence, brand loyalty, protection against fraud and meeting regulatory requirements.
Our penetration testing, pen testing, pen tests and cyber security testing have proven time and time again to be an effective security assessment of business IT infrastructure.
Perspective Risk provides in-depth security assessments, risk management and compliance solutions to help you keep your confidential information safe and your critical systems secure. We’re innovative, flexible and supportive, helping you through any information security issues to deliver real business benefits and excellent value.