

25 March 2013 by Dave Stroud

There are a lot of excellent SQL injection cheat sheets out there; however, I found the majority provide only the components of a SQL injection rather than an entire, working string. As a result, successfully putting a valid query together can take some trial and error and waste precious time. I have thus attempted to create a list of pre-made strings for each type of SQL injection so that they can simply be pasted in with little modification. … Read More »

30 January 2013 by Dave Stroud

Continuing on from my previous post where we took a look at the key JavaScript functions needed to perform more advanced XSS attacks, in this post we’ll be looking at how we can use injected iframes to harvest login credentials. We will do so by creating a full screen iframe of the site’s login page and then edit the action of the login form on the fly so that it points to a credential stealing PHP script we host … Read More »

8 November 2012 by Pravesh Kara

We are very pleased to announce that we have successfully recertified as a CREST Member Company. Information Security companies under the CREST scheme must recertify every year to ensure they are meeting the stringent standards required. Our recertification thus reflects our ongoing commitment to providing a world class penetration testing service.

Category: Announcements
7 November 2012 by Dave Stroud

It seems like just yesterday we were scrambling up Scafell Pike in our last PRCON; however, an entire year had flown by and so it was time for PRCON 2012! We thus jetted off from our respective homes all round the country and met in Northampton for two days of presentations, group activities and plenty of drinking! We also had the pleasure of formally meeting the two new cogs in the Perspective Risk Information Security machine, Ash and … Read More »

Category: Announcements
31 October 2012 by Dave Stroud

When encountering a Cross-Site Scripting (XSS) flaw, it is standard practice for a penetration tester to inject: <script>alert(document.cookie)</script> Which will pop up an alert box displaying their cookie. A screenshot of this, accompanied by a description of a hypothetical attack scenario, such as “an attacker could exploit this to redirect users to a malicious site” or “an attacker could leverage this to harvest login credentials”, will then form the evidence and consequences of the issue in the … Read More »

16 October 2012 by Dave Stroud

By default, VMware Player will use Network Address Translation (NAT) to provide your virtual machine (VM) with network connectivity. At a basic level, this means that your VM will share an IP address with your host operating system (OS). Your host will then use the concept of NAT to ensure that responses to traffic emanating from your VM are directed to it accordingly. Using NAT is fine for the majority of VM usage, however, there are some circumstances where it’s better to have your VM in bridged mode. When bridged, a VM will … Read More »

16 October 2012 by Dave Stroud

Without doubt, there are many small business owners who realize the benefits of a penetration test and want to secure their infrastructure; however, many more will be of the opinion that they need not concern themselves with the security of their network as they have no information a hacker would ever find useful. This mindset, that of ‘security through anonymity’, is inherently flawed as in reality, every business network, regardless of size, likely contains something useful for a hacker. It can be … Read More »

30 June 2012 by Minh-Dat Lam

Greetings! Continuing from my first blog about the journey of reverse engineering, I’d like to make a quick post about the fundamentals of code analysis as an expansion of the reverse engineering topic at the end of my first blog. I believe that if you want to be a true hacker or forensic investigator, the understanding of how software works at a code level is essential. You need to be able to either break down the exploit code, … Read More »

Category: Forensics
28 February 2012 by Pravesh Kara

Simple question, hopefully a simple answer: it is an Information Security discipline where the aim is to identify ways to compromise you and/or your organisation.  There is more to it than that, obviously, but that should provide a good starting point!  Many people involved in the industry, such as penetration testers, sales people, information security consultants, etc. all have their own interpretation of penetration testing, and there is a wide ranging view of what it is and … Read More »

26 February 2012 by Pravesh Kara

Want to check how good your organisation’s security is? Click here. Having passed the rigorous CESG application procedure we are extremely pleased to announce that Perspective Risk is now a CESG CHECK accredited company. Achieving CHECK accreditation is a major milestone in our company’s development and complements our existing Crest and ISO accreditations, allowing Perspective Risk to provide the best possible service to all of our customers. Want to know more? Get in touch with one of … Read More »

Category: Announcements
23 February 2012 by Minh-Dat Lam

Introduction and Grey Hat Hacking Book Review

Greetings! I’m Minh, one of the penetration testers at Perspective Risk. This is my first blog post and I feel it would be fitting to share a little about myself and my voyage with Perspective Risk. My first year at Perspective Risk has just come round and what a year it has been, filled with exciting work and the wonderful opportunity to collaborate with people from around the globe, … Read More »

Category: Forensics
6 February 2012 by Dave Stroud

Creating a Penetration Testing Web Server Using Gearman & Supervisor Part 1 Installation & Basic Usage

I was tasked with building a pen test web server for my company, i.e. an easy to use and relatively attractive web interface that allows our employees to quickly and quietly launch various tools, using predefined settings and a few user supplied parameters. The following requirements formed version 0.1: Minimal effort required by the user for each tool, i.e. … Read More »

24 January 2012 by Dave Stroud

Hello and welcome to the new Perspective Risk blog! I thought I’d begin with a series of posts on Cross Site Scripting (XSS) as this is an area of web security I’m particularly interested in. We’re going to start with the very basics, by taking a look at what XSS actually is and the three different varieties of it.

XSS

Cross Site Scripting (XSS) attacks occur when a website fails to properly prevent attackers from inserting malicious code … Read More »

4 January 2012 by Pravesh Kara

The Perspective Risk blog has been created to provide information security resources to the penetration testing community and customers alike. We will endeavour not to swamp you with corporate information but from time to time and where we believe we have something of value to say we will post it here. One aspect of the blog is to chart the progress of one of our graduates, Dave, and he will be making regular posts on vulnerabilities, pen … Read More »

Category: Announcements
30 August 2011 by Pravesh Kara

Whilst we are ardent supporters of maintaining a healthy balance between work and life and well aware of the advantages of remote working, at Perspective Risk we still believe a great team spirit is necessary in order to deliver the best service possible. With this in mind, every year the whole team at Perspective Risk convene in one location to get face time in a more social environment. Our event is normally split over two days, the … Read More »

Category: Announcements
