Category methodology

When to Conduct a Penetration Test: Timing is Key

Organizations use penetration testing, also known as “pen testing” or “ethical hacking,” as a crucial security measure to find and fix holes in their systems and networks. To identify and...

Understanding Pentesting: Why It's Essential for Securing Your Business

What is Penetration Testing: A “pen-test,” also referred to as a penetration test, simulates a cyber-attack on a computer system, network, or web application in order to assess the security...

Understanding Penetration Testing: Types, Methodology, and Best Practices

introduction Penetration testing, also referred to as “pentesting,” is a technique for assessing the security of a computer network, web application, or other system by simulating an attack by a...

Understanding the Process: A Guide to Penetration Testing Phases

Penetration testing, also referred to as “pen testing” or “ethical hacking,” is a technique for assessing a computer system’s, network’s, or web application’s security by simulating an attack from a...

SNAPSEC - Our Methodology

As a cybersecurity and penetration testing company, it is important for us to have a clear and thorough methodology in place to ensure the effectiveness and reliability of our services....

Category VAPT

When to Conduct a Penetration Test: Timing is Key

Organizations use penetration testing, also known as “pen testing” or “ethical hacking,” as a crucial security measure to find and fix holes in their systems and networks. To identify and...

Understanding Pentesting: Why It's Essential for Securing Your Business

What is Penetration Testing: A “pen-test,” also referred to as a penetration test, simulates a cyber-attack on a computer system, network, or web application in order to assess the security...

Understanding Penetration Testing: Types, Methodology, and Best Practices

introduction Penetration testing, also referred to as “pentesting,” is a technique for assessing the security of a computer network, web application, or other system by simulating an attack by a...

Understanding the Process: A Guide to Penetration Testing Phases

Penetration testing, also referred to as “pen testing” or “ethical hacking,” is a technique for assessing a computer system’s, network’s, or web application’s security by simulating an attack from a...

SNAPSEC - Our Methodology

As a cybersecurity and penetration testing company, it is important for us to have a clear and thorough methodology in place to ensure the effectiveness and reliability of our services....

Category cyberattacks

AI in cyberattack lifecycle

Network defenders and the cybersecurity industry must move their focus from the network’s edges and endpoints to the network’s interior. Inside the network, IT and security data collection is frequently...

AI in Cybersecurity

Not only has the number of cyberattacks increased significantly over the last few decades, but they have also become more sophisticated. As a result, developing a cyber-resilient strategy is critical....

Why Are Small Businesses Interesting Targets For Cybercriminals

You might think great businesses are more threatened by data breaches and cyber attacks than small businesses. They do, but that’s not the case every time.

Category businesses

Why Are Small Businesses Interesting Targets For Cybercriminals

You might think great businesses are more threatened by data breaches and cyber attacks than small businesses. They do, but that’s not the case every time.

Category article

We Hacked Larksuite For 1 month and Here is what we found

Almost a year back in March 2020 shuffling our private invites stock to crash into a program worthy of our time and excitement. In a while, we stumbled upon a...

How did we Found Log4shell on Agorapulse

Log4j is a logging framework for Java applications. It is a popular choice for developers looking for a simple and flexible logging solution. However, in the past Log4j has been...

Attacking Rate Limit Protection in Modern Web Apps

What is rate-limiting? Well, Rate limiting is a process of limiting requests received by the networking device. It is used to control network traffic. Suppose a web server allows up...

Attacking 2FA in Modern Web Apps

You might be familiar with the annoying OTPS or other authentication tokens delivered right after you log into your favorite site. This article will help you to understand the purpose...

Attacking CORS Misconfigurations in Modern Web Apps

If you are a developer, you already know that it’s nearly impossible to keep every resource in one place. It’s expensive (because everything has to be managed by one party)...

A Hacker Mindset

Whenever the word hacker strikes your ears your mind will always conjure up a picture of a hoodie wearing computer genius with multiple screens in front of him lit with...

Abusing Business Logic of an Application to create backdoor in a form APP

Working with a target having various access roles and functionalities always gives us goosebumps. This time it was a design flaw in the application logic that we reformed to create...

Attacking Access Control Models in Modern Web Apps

So far you may have come across various web applications where you were able to invite members with limited access to the information within the organization. Developers are able to...

Category broken-access-control

We Hacked Larksuite For 1 month and Here is what we found

Almost a year back in March 2020 shuffling our private invites stock to crash into a program worthy of our time and excitement. In a while, we stumbled upon a...

Attacking Business Logic issues in Modern Web Apps

The complexity of the modern applications has increased exponentially in the past decade. Unfortunately, this has also increased the attacker surface and hence increased the total number of vulnerabilities that...

Abusing Business Logic of an Application to create backdoor in a form APP

Working with a target having various access roles and functionalities always gives us goosebumps. This time it was a design flaw in the application logic that we reformed to create...

Attacking Access Control Models in Modern Web Apps

So far you may have come across various web applications where you were able to invite members with limited access to the information within the organization. Developers are able to...

Category general

10 reasons your Orginisation needs a penetration testing

A penetration test, colloquially known as a pen test or ethical hacking, is an authorized simulated cyberattack on a computer system, performed to evaluate the security of the system. The...

Attacking File Uploads in Modern Web Applications

File sharing or simple file upload functionality is a widely used feature in web apps now a days. Any misconfiguration in this one feature can put the entire application or...

Spring4Shell: Everything you need to know.

A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run...

Top 5 Cyber Attacks Of 2021

Due to the growth of technologies around the world and their effects to our privacy, data security has also been an issue. In terms of data breaches, websites or applications...

Continuous Security Testing - Snapsec

According to Security Researchers, every code update/push to your production server or application may bring new vulnerabilities into action. Because every time a code on the server changes, It affects...

How data breaches effects your business and brand value

A data breach is a revenue-killing monster that no business wants to deal with. The cost of that nightmare starts right away and doesn’t stop until the last piece of...

Category writeup

Attacking Business Logic issues in Modern Web Apps

The complexity of the modern applications has increased exponentially in the past decade. Unfortunately, this has also increased the attacker surface and hence increased the total number of vulnerabilities that...

Category mindset

A Hacker Mindset

Whenever the word hacker strikes your ears your mind will always conjure up a picture of a hoodie wearing computer genius with multiple screens in front of him lit with...

Category cors

Attacking CORS Misconfigurations in Modern Web Apps

If you are a developer, you already know that it’s nearly impossible to keep every resource in one place. It’s expensive (because everything has to be managed by one party)...

Category 2FA

Attacking 2FA in Modern Web Apps

You might be familiar with the annoying OTPS or other authentication tokens delivered right after you log into your favorite site. This article will help you to understand the purpose...

Category Attacking-Modern-Web-Apps

Attacking Rate Limit Protection in Modern Web Apps

What is rate-limiting? Well, Rate limiting is a process of limiting requests received by the networking device. It is used to control network traffic. Suppose a web server allows up...

Category blog-post

Attacking File Uploads in Modern Web Applications

File sharing or simple file upload functionality is a widely used feature in web apps now a days. Any misconfiguration in this one feature can put the entire application or...

Top 5 Cyber Attacks Of 2021

Due to the growth of technologies around the world and their effects to our privacy, data security has also been an issue. In terms of data breaches, websites or applications...

Continuous Security Testing - Snapsec

According to Security Researchers, every code update/push to your production server or application may bring new vulnerabilities into action. Because every time a code on the server changes, It affects...

Category Continuous-security

Continuous Security Testing - Snapsec

According to Security Researchers, every code update/push to your production server or application may bring new vulnerabilities into action. Because every time a code on the server changes, It affects...

Category data-breaches

Top 5 Cyber Attacks Of 2021

Due to the growth of technologies around the world and their effects to our privacy, data security has also been an issue. In terms of data breaches, websites or applications...

Category spring4shell

Spring4Shell: Everything you need to know.

A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run...

Category attacking-modern-webapps

Attacking Authentication in Modern Web Applications

Authentication issues are easy to understand however they can sometimes prove the most critical ones because of the fact that authentication is the core of security in any application. In...

Category authentication

Attacking Authentication in Modern Web Applications

Authentication issues are easy to understand however they can sometimes prove the most critical ones because of the fact that authentication is the core of security in any application. In...

Category imran

Security Simplified - Open Redirect [Server Side]

Open redirection vulnerabilities arise when an application incorporates user-controllable data into the target of a redirection in an unsafe way. An attacker can construct a URL within the application that...

Attacking File Uploads in Modern Web Applications

File sharing or simple file upload functionality is a widely used feature in web apps now a days. Any misconfiguration in this one feature can put the entire application or...

Category pentesting

10 reasons your Orginisation needs a penetration testing

A penetration test, colloquially known as a pen test or ethical hacking, is an authorized simulated cyberattack on a computer system, performed to evaluate the security of the system. The...

Category blog

10 reasons your Orginisation needs a penetration testing

A penetration test, colloquially known as a pen test or ethical hacking, is an authorized simulated cyberattack on a computer system, performed to evaluate the security of the system. The...

Category Security-Simplified

Security Simplified - Learn How To Find, Exploit and Mitigate Web Vulnerabilites.

During our subtle technical experience of 7 years in Application security Industry we have often noticed that majority of the people who are into this space know how to exploit...

Category web-sec

Security Simplified - Learn How To Find, Exploit and Mitigate Web Vulnerabilites.

During our subtle technical experience of 7 years in Application security Industry we have often noticed that majority of the people who are into this space know how to exploit...

Category dev

Security Simplified - Learn How To Find, Exploit and Mitigate Web Vulnerabilites.

During our subtle technical experience of 7 years in Application security Industry we have often noticed that majority of the people who are into this space know how to exploit...

Category XSS

Finding Multiple Security Issues on Agorapulse

Agorapulse provides everything an organization could possibly need for social media marketing, monitoring, and management. Agorapulse is a full-featured social media management platform. Some of its features include a variety...

Security Simplified - Reflected XSS

Cross-site scripting (also known as XSS) is a web security vulnerability that allows an attacker to compromise the interactions that users have with a vulnerable application, Reflected XSS arises when...

Category security-simplified

Security Simplified - Reflected XSS

Cross-site scripting (also known as XSS) is a web security vulnerability that allows an attacker to compromise the interactions that users have with a vulnerable application, Reflected XSS arises when...

Category tutorial

Security Simplified - Open Redirect [Server Side]

Open redirection vulnerabilities arise when an application incorporates user-controllable data into the target of a redirection in an unsafe way. An attacker can construct a URL within the application that...

Security Simplified - SQL Injection

What is SQL Injection SQL injection is a web security vulnerability that allows an attacker to interfere with the queries that an application makes to its database. It generally allows...

Category security-explained

Security Simplified - SQL Injection

What is SQL Injection SQL injection is a web security vulnerability that allows an attacker to interfere with the queries that an application makes to its database. It generally allows...

Category log4shell

How did we Found Log4shell on Agorapulse

Log4j is a logging framework for Java applications. It is a popular choice for developers looking for a simple and flexible logging solution. However, in the past Log4j has been...

Category uber

Lastpass Breach - Everything you need to know

One of the largest online password manager with Over 25 million users as of 2020. LastPass suffered a massive data breach recently. The data included user information and vault data....

Uber Breach - Few Security Takeaways

On 15 September, UBER acknowledged that it was responding to a “cybersecurity incident” and had contacted law authorities about the hack. An individual claiming to be an 18-year-old hacker claimed...

Category Privilege-escalation

Finding Multiple Security Issues on Agorapulse

Agorapulse provides everything an organization could possibly need for social media marketing, monitoring, and management. Agorapulse is a full-featured social media management platform. Some of its features include a variety...

Category Log4Shell

Finding Multiple Security Issues on Agorapulse

Agorapulse provides everything an organization could possibly need for social media marketing, monitoring, and management. Agorapulse is a full-featured social media management platform. Some of its features include a variety...

Category AI

AI in cyberattack lifecycle

Network defenders and the cybersecurity industry must move their focus from the network’s edges and endpoints to the network’s interior. Inside the network, IT and security data collection is frequently...

AI in Cybersecurity

Not only has the number of cyberattacks increased significantly over the last few decades, but they have also become more sophisticated. As a result, developing a cyber-resilient strategy is critical....