Asset Discovery

The first step in securing any organization is to understand what you have.  Unless you have a strong understanding of the systems and services on your network, you have no hope of keeping it both secure and usable.  You could implement extremely strong controls to lock down everything, but then business operations come to a …

Asset Discovery Read More »

Insomnia plus Burp Suite icons

Getting Started API Penetration Testing with Insomnia

In our blog series on Better API Penetration Testing with Postman we discussed using Postman as the client for testing RESTful service APIs. Insomnia is an MIT-licensed open source alternative to Postman. Its commercial maintainer, Kong, is best known for their microservice API Gateway. Like Postman, Kong offers premium subscriptions for syncing and collaboration functionality. …

Getting Started API Penetration Testing with Insomnia Read More »

Using Components with Known Vulnerabilities

When an organization has a breach, you would like to imagine that the attacker crafted a new exploit, leveraging a zero-day vulnerability that no one has any protection against. However, It is far more likely that the attacker exploited well-known vulnerabilities that may have been residing within their systems for months, if not years.  Attackers …

Using Components with Known Vulnerabilities Read More »

Kubernetes Security – A Useful Bash One-Liner

Whether you’re an administrator, pentester, devop engineer, programmer, or some other IT person, chances are that you’ve heard of Kubernetes (k8s). If you’re a penetration tester like myself you may sometimes find yourself in odd situations involving k8s. One such situation is getting or being given super admin to a Kubernetes cluster, but you’re on …

Kubernetes Security – A Useful Bash One-Liner Read More »

Building Blocks: Professionally Evil Fundamentals Series

We at Secure Ideas love security education. What we enjoy even more is affordable security education. So we decided to start a Professionally Evil Fundamentals Video series. These are short definition videos related to information security and penetration testing. We believe that these videos are for anyone who wants to move into information security or …

Building Blocks: Professionally Evil Fundamentals Series Read More »

It’s Okay, We’re All On the SameSite

With Google’s recent announcement that all cookies without a SameSite flag will be treated as having SameSite=Lax set by default in Chrome version 80, surely Cross-Site Request Forgery will be dead? Well, not quite… In this post I’m going to demonstrate a scenario in which the SameSite default won’t actually stop a CSRF attack from …

It’s Okay, We’re All On the SameSite Read More »

Top 10 Blog Lists

We have written a lot over the past year and beyond, and we wanted to provide you with our Top 10 lists! Take a look and gain some new knowledge for the new year!! Top 10 Blogs from 2019 Better API Penetration Testing with Postman – Part 1 + Better API Penetration Testing with Postman – …

Top 10 Blog Lists Read More »

Scroll to Top