Month: April 2018

  • 25 vulnerabilities found in our latest penetration test

    Our latest penetration test was quite a tricky one! The application is huge and it took us much longer to finish the assessment than expected. Even though we had not budgeted for this, we stayed committed and managed to pick up quite a few vulnerabilities. This was also the first time we included methods that […]

  • Old browsers will stop working on some https sites (Hardening Webserver SSL/TLS Protocols and Cipher)

    Whenever you connect to an HTTPS (encrypted) site, your browser and the site agree on one of the many encryption protocols available between them. Some of these protocols are old, and are now considered less secure and hence vulnerable. The only reason they were kept around is compatibility with old browsers, since the […]

  • Risk management and risk register for your organisation

    Risk management, while sounding threatening and complicated, is really very simple: you need to identify/list all the risks, prioritise them, and then find effective and economical ways to reduce these risks. This is also an important GDPR requirement. The steps to follow are: Identifying risks: find out what could cause harm. A good group […]

  • Scope of the web application assessment (penetration test)

    sapna security has a team which has years of experience on web architecture and applications and their vulnerabilities. Accordingly we have created a strong web application assessment list which includes the following areas: Injection, Authentication, Session Management, Cross Site Scripting (XSS), Insecure Direct Object References, Sensitive Data Exposure, Access control, Cross-Site Request Forgery (CSRF), Unvalidated […]