Application Security

25 May 2017 by Kai Stimpson

Web Application Risks: SQL Injection

Welcome to the second of five posts on the top vulnerabilities found in vendor and bespoke web applications. Here, InfoSec Pro Kai Stimpson focuses on the second most common vulnerability we encounter – SQL Injection. You can catch the first post on broken authentication here.

What is SQL injection?

SQL (Structured Query Language) injection is a technique used for attacking data-driven apps. Despite having been around for nearly 20 years, it continues to pose a …

9 February 2017 by Kai Stimpson

Web Application Risks: Broken Authentication

Welcome to the first of five posts addressing the typical vulnerabilities found in web applications. Here, Perspective Risk’s Senior Security Consultant Kai Stimpson looks at broken authentication and how to prevent it. Neglecting to incorporate a robust authentication solution into your web app can lead to a threat actor gaining unauthorised access to it, compromising the confidentiality of your users’ data.

Common Pitfalls in Web App Authentication Solutions

When performing an in-depth …

26 March 2015 by Pravesh Kara

Perspective Risk stand out in the field of penetration testing because they understand the importance of security risks and are able to map it to the domain in which their client is operating. Perspective Risk take penetration testing to the next level, using real people to test systems and interpret the results.

Project: Mobile and Application Penetration Testing

26 March 2015 by Pravesh Kara

Matthew Byrne provided some great advice and showed great insight and knowledge about security aspects and vulnerabilities across our environment. Very pleased with his efforts and advice given throughout the engagement.

Project: Pan Government Accreditation IT Health Check and Penetration Test

26 March 2015 by Thomas Yarwood

Great communication with the team during testing – highly collaborative while maintaining rigorous testing criteria. The fast turnaround of the report was greatly appreciated given the tight timescales for the project.

Project: IT Health Check and Penetration Test

13 March 2015 by Pravesh Kara

With a growing web development team coding in a fast paced environment, it was important for us to get an expert third party security firm in to carry out a web security review. Perspective Risk provided the independent review we needed.

Project: Application Penetration Test

13 March 2015 by Pravesh Kara

Zia Rehman came to TNA to carry out an ITHC in September and all of the staff he worked with, including myself, were really impressed with his skill and knowledge and how well he got on with everyone and how he made the whole process very straightforward whilst achieving a great deal of work.

Project: IT Health Check and Penetration Test

30 July 2014 by Dave Stroud

Following on from my first blog post, hopefully you’ve now grasped the basics of XSS, so we can move onto some slightly more advanced areas. As mentioned in the previous post, we’ll be covering event handlers today. We’re also going to take a look at breaking out of HTML tags, as this is another essential part of exploiting XSS flaws and web security!

Event Handlers

Event handlers are special JavaScript functions that perform an action based …

25 March 2013 by Dave Stroud

There are a lot of excellent SQL injection cheat sheets out there; however, I found the majority provide only the components of a SQL injection rather than an entire, working string. As a result, successfully putting a valid query together can take some trial and error and waste precious time. I have thus attempted to create a list of pre-made strings for each type of SQL injection so that they can simply be pasted in with little modification. …

30 January 2013 by Dave Stroud

Continuing on from my previous post where we took a look at the key JavaScript functions needed to perform more advanced XSS attacks, in this post we’ll be looking at how we can use injected iframes to harvest login credentials. We will do so by creating a full screen iframe of the site’s login page and then edit the action of the login form on the fly so that it points to a credential stealing PHP script we host …

31 October 2012 by Dave Stroud

When encountering a Cross-Site Scripting (XSS) flaw, it is standard practice for a penetration tester to inject:

<script>alert(document.cookie)</script>

Which will pop up an alert box displaying their cookie. A screenshot of this, accompanied by a description of a hypothetical attack scenario, such as “an attacker could exploit this to redirect users to a malicious site” or “an attacker could leverage this to harvest login credentials”, will then form the evidence and consequences of the issue in the …

24 January 2012 by Dave Stroud

Hello and welcome to the new Perspective Risk blog! I thought I’d begin with a series of posts on Cross Site Scripting (XSS) as this is an area of web security I’m particularly interested in. We’re going to start with the very basics, by taking a look at what XSS actually is and the three different varieties of it.

XSS

Cross Site Scripting (XSS) attacks occur when a website fails to properly prevent attackers from inserting malicious code …
