💥SUCCESS!!! 🎉. @_s_n_t successfully compromises the Samsung Galaxy S23 at #Pwn2Own Toronto 2023!!. Well done Sam, amazing work 👏👏👏.

As the Out of Office messages start to be put up, we wanted to wish everyone a very Merry Christmas from all of us here at Pentest Limited. *<]:{)

Generate videos in just a few seconds. Try Grok Imagine, free for a limited time.

Happy thanksgiving to all our US clients, staff & friends. Have a great day!!

Using JSON Web Tokens (JWTs) for your application/API's session management? . Richard Mason outlines some of the most common security issues we find during testing and how you can mitigate against them.

There is often a balance between convenience & security when it comes to password managers. Paul Johnston discusses these potential issues and shares the password he uses.

If you understand the likely steps of an attack, you can better protect your organisation. That's where the Cyber Kill Chain comes in. Mark Rose take a look at the Cyber Kill Chain and how it can be used to help improve your cybersecurity posture.

Reporting isn't just a piece of paper or a pdf delivered at the end of a test, it's an ongoing process. See how we can tailor our reporting process to meet your specific needs and adapted to your ways of working.

Threat actors – who are they and what do they want from your organisation? . Mark Rose takes a look at your technology stack, the threats and how you can improve your security posture -

We take a look at some of the most common, high-risk web application issues we identify throughout our testing.

The CrowdStrike incident highlighted the importance of the digital supply chain & although not a hack, showed what could be done if a supplier were to be breached. So, how can organisations better secure their digital supply chain? We take a look:

Are your cloud-based applications at heightened risk of cross-tenant attack?. Paul Johnston discusses the issues and how you can go about creating a secure application architecture.

Happy 4th of July to all our US clients, staff and friends!!!

Who is targeting your organisation? . Mark Rose helps you get a clear picture of your technology stack, identify likely threat actors and ultimately, improve your cybersecurity posture.

Happy Birthday to us, Happy Birthday to us, Happy Birthday to Pentest, Happy Birthday to us!! 🎉 . Pentest - 23 years old today! Here's to many more. Big thank you to everyone who has been involved in Pentest (past and present) for helping us get this far. 🙌

“I thought you were hackers. Surely you don’t need this?”. Many clients are surprised when we ask for IPs to be whitelisted, creds to be provided or for access to source code for testing. There's a simple reason we ask, more info = more thorough testing.

How secure are your web applications?. We take a look at some of the common high-risk issues we find during our web app penetration testing -

AI is all the rage & many organisations are starting to use AI technology to enhance their chatbots. But what security challenges do AI chatbots face? . We outline some concerns & share practical steps to ensure your AI chatbots are as secure as possible.

RT @TheZDIBugs: [ZDI-24-087|CVE-2023-22817] (Pwn2Own) Western Digital MyCloud PR4100 RESTSDK Server-Side Request Forgery Vulnerability (CVS….

RT @TheZDIBugs: [ZDI-24-088|CVE-2023-22819] (Pwn2Own) Western Digital MyCloud PR4100 RESTSDK Uncontrolled Resource Consumption Denial-of-Se….

The web-based AI chatbots are coming!! 🤖 🤖 . But what are the security challenges they face and how do you go about protecting them from threats, as well as the risk of manipulation and misuse. Michael Minchinton gives his security insights.

Big thanks to @OwaspMcr🙌for arranging tonight's OWASP event & giving us the chance to sponsor the food and drink 🍕🍕🍻🍻. Also, thanks to @AmazonUK for hosting, the speakers (Stuart Crawford & @tom_bluu) & of course everyone who attended!!!