ONSEC.io Pentesting blog

Sign in Subscribe

Latest

GitHub commit parsing for email and fun

GitHub commit parsing for email and fun

During security audits, we check for potential leaks of sensitive information such as source code and API keys related to the object of the investigation. These findings can expand the scope of the research and provide additional access points to the system. To verify the connection between a discovered repository

When you're so bored, you start debugging someone else's code: bug hunting in a random Cloud-Native project

When you're so bored, you start debugging someone else's code: bug hunting in a random Cloud-Native project

Sandbox escape or How to catch all servers of the company

Sandbox escape or How to catch all servers of the company

CodeQL vs Semgrep: Fun and Friendly Showdown of SAST tools🥊

CodeQL vs Semgrep: Fun and Friendly Showdown of SAST tools🥊

Fresh Blood: Why Changing Pentest Providers Can Improve Your Security Posture

Fresh Blood: Why Changing Pentest Providers Can Improve Your Security Posture

Getting ready for your first pentest: startup founders guide

Getting ready for your first pentest: startup founders guide

Pentests Matrix for Top Security Compliances

Pentests Matrix for Top Security Compliances

pentest

When you're so bored, you start debugging someone else's code: bug hunting in a random Cloud-Native project

When you're so bored, you start debugging someone else's code: bug hunting in a random Cloud-Native project

Intro Our team has the challenge of finding bugs in popular Cloud-Native projects on Github. It's a fun activity that is a good alternative to platforms like HTB and benefits the project we're researching. However, unlike HTB, finding a bug is not guaranteed. We wanted to see how easy it

Sandbox escape or How to catch all servers of the company

Sandbox escape or How to catch all servers of the company

CodeQL vs Semgrep: Fun and Friendly Showdown of SAST tools🥊

CodeQL vs Semgrep: Fun and Friendly Showdown of SAST tools🥊

Fresh Blood: Why Changing Pentest Providers Can Improve Your Security Posture

Fresh Blood: Why Changing Pentest Providers Can Improve Your Security Posture

Getting ready for your first pentest: startup founders guide

Getting ready for your first pentest: startup founders guide

Pentests Matrix for Top Security Compliances

Pentests Matrix for Top Security Compliances

A Guide to Resource Discovery for Penetration Testing

A Guide to Resource Discovery for Penetration Testing

rceexploit

Deep Dive into the CVE-2022-29464 RCE exploit

Deep Dive into the CVE-2022-29464 RCE exploit

WSO2 is the leading API Management solution company. It provides various software products for connecting, managing, and securing APIs (Application Programming Interfaces). Organizations in various industries, including financial services, healthcare, government, telecommunications, and retail, use WSO2 products. In April 2022, security researchers recently found a critical vulnerability in certain WSO2

compliance

Pentests Matrix for Top Security Compliances

Pentests Matrix for Top Security Compliances

The multitude of guidelines and regulations can be overwhelming, especially when it comes to understanding the penetration testing requirements for each. Determining what each compliance standard requires from a penetration test can be a headache, but it's crucial to get it right. To simplify the process, we've gathered all of