Summary In summary, the purpose of this article is to explain to the reader the importance of security testing in early development stages and the various strategies. The article starts by explaining what application security is, the traditional way of testing…
Summary The increasing integration of Artificial Intelligence (AI) into programming is fundamentally transforming the way software is conceived and developed. With advances in generative AI, exemplified by foundational models like OpenAI Codex, GitHub Copilot, and Google's DeepMind AlphaCode, programmers are…
This new entry aims to showcase how MITRE Caldera™ works, and how it can be useful for adversarial simulation and simulated red team operations. This platform was designed to easily run autonomous breach-and-attack simulation exercises; it also allows…
Summary The summary underscores the principles and key components of the Zero Trust approach in cybersecurity. Beginning with the axiom "Never trust, Always verify," it explores benefits such as a proactive stance and enhanced visibility and control. It details the…
Context During an authorised penetration testing assessment conducted on Xpand IT’s Write-Back software, Balwurk’s security team found multiple security vulnerabilities, first disclosed to the customer and then responsibly submitted to the MITRE CVE program. The discovered vulnerability allows attackers to…
The content of this article is intended for educational and awareness purposes. Everyone in InfoSec knows Metasploit and the importance this tool has had for many professionals and for the field itself, be it for awareness purposes, education, CTFs…
Context During an authorised penetration testing assessment of Xpand IT Write-Back software, Balwurk's security team found a vulnerability that allows an attacker to craft their own Write-Back commercial licenses, unlocking the software's full features without paying for them. What is…
Introduction It is a truism, in software engineering, that developing software is hard. Developing secure systems is even harder, as shown by the evolution in the number of vulnerabilities in software systems. As the complexity of modern software increases, so…
Modern cyber-criminal gangs deploy multiple state-of-the-art techniques to retrieve information from a compromised or breached company. This is because most companies isolate, in varying degrees, their internal network from the public internet, blocking certain file transfer protocols, or prevent access…
What can be done to improve application security within the QNRCS? That's what we intend to answer in these lines. At the end of this article, you will know where to find the essential information to drive and maintain your…