The Blog

Find our latest news here!

SQLmap: advanced use

SQLmap is an automated SQL injection tool.
It is very useful in pentests for sending a large number of payloads and finding injections that would have gone unnoticed with basic manual tests.
However, some SQL injections require the pentester to script the exploit themselves: injections too complex to be detected by SQLmap, a server that is too unstable, and other edge cases.

Some lesser-known features of SQLmap still make it usable in these complex cases.

Windchill vulnerability

During a penetration test engagement, Vladimir had the opportunity to test the security of the Windchill PLM software published by PTC.

Using basic website security auditing techniques, he discovered a vulnerability affecting all versions of the software. It allowed him to read the configuration files accessible in the application folder.

KeyShot Vulnerability

This article presents the methodology used to find a flaw in a network protocol used by the KeyShot software.

HTTP header security

HTTP headers are sent to browsers by web servers in their responses to users’ HTTP requests. They are not directly visible in the browser, but they are essential: they define cookies and govern the interpretation of content, cache settings and the security of the browser.
Certain HTTP headers must be included in order to follow good security practices: they reinforce the security of the web browsers of your websites' users. Moreover, when they are absent, security auditors and vulnerability scanners will almost systematically raise it as a weakness.

How to secure my Small Business?

VSEs/SMEs and freelancers often lack the resources and skills to secure their IT systems. However, the stakes are high in the event of a computer attack: sometimes long and expensive repairs, loss of turnover, loss of reputation.
This guide aims to provide Small Businesses (SMBs) with practical and affordable advice to secure their business. It is based, among other things, on the work of the National Cyber Security Center (NCSC) and the recommendations of the National Agency for Information Systems Security (ANSSI).

How to secure SSH?

The SSH remote access service allows remote administration of servers, PCs or network equipment. It is available on Linux and macOS as well as Windows. It allows easy remote access to equipment, with the privileges of the chosen user.

We then speak of an SSH server, to which the user, the SSH client, connects.

Because the service is often exposed on the Internet, it is necessary to follow some SSH security best practices in order to reduce the risks.

Love actuator

During an engagement, a DSecBypass pentester was confronted with the Java Apereo CAS software. It was possible to bypass the SSO authentication managed by the software by exploiting a Spring Boot Actuator configuration flaw.

Improve your TLS encryption

Although HTTPS is easy to set up, default or aging configurations are often vulnerable and do not guarantee the best level of security for the user. In addition, a bad configuration lowers the ratings assigned by cybersecurity products, on which cyber insurance can be based.

Internal pentest: Why? Which scenario?

Today the majority of attacks pass through emails. 📨
Antispam solutions exist, but when the hacker is already inside your company, it is difficult to know the actual impact without first having carried out an internal security audit!