ONSEC: Boutique Penetration Testing Agency

Sign in Subscribe

pentest

A Guide to Resource Discovery for Penetration Testing

A Guide to Resource Discovery for Penetration Testing

Introduction Resource enumeration is an essential part of both the pentest preparation and reconnaissance during the pentest. Our team often finds customer internal resources in public access or vulnerable services that are not reflected in the original scope. It is always important to understand that there may be a resource/

White, black, gray, or crystal? Unpacking pentests.

White, black, gray, or crystal? Unpacking pentests.

We often hear about different types of penetration tests, however, it's still not clear how they are different and beneficial. In this article, you can find all these answers and comparison tables. There are several different types of pen testing, each with their own set of benefits and

Deep Dive into the CVE-2022-29464 RCE exploit

Deep Dive into the CVE-2022-29464 RCE exploit

WSO2 is the leading API Management solution company. It provides various software products for connecting, managing, and securing APIs (Application Programming Interfaces). Organizations in various industries, including financial services, healthcare, government, telecommunications, and retail, use WSO2 products. In April 2022, security researchers recently found a critical vulnerability in certain WSO2