Today we're going to talk about the SSRF attack that allows hackers to send any network requests from the back-end server by using <img> tags.
In four steps you will learn why you should have started thinking about security even before the project idea was born and why coding standards and hired security geeks can become a turning point for your business stability.
The topic of security often provokes hesitation when it comes to selecting the right methods to protect your business. Keep steady: in this article, we'll draw a line between vulnerability assessment and penetration testing.
Rapid development frameworks speed up the development process. At the same time, they provoke more vulnerabilities than others. So, RAD frameworks - to be or not to be?
An organization compliant with certain regulations is far more competitive and inspires more client confidence than other companies in its domain. Moreover, falling short of appropriate security measures involves harsh penalties and considerable fines.
Selecting the best penetration testing company can be compared to choosing the right summer camp: those people are going to take care of your "child"! You expect them to be professional and gentle, and you want your "kid" to come back safe and in better health! Here are some recommendations to stick to when picking the best penetration test vendor.
We are not going to talk about developers' mistakes that could lead to serious holes in the live system. Everything is much simpler - the source code itself may contain direct instructions and access - a cherry pie for someone with bad intentions.
Have you heard of the ‘secret customer’ trick? It is a person pretending to be a customer, hired by a third party to test the quality of services provided by the business. Penetration testing works similarly: the so-called noble hackers attempt to track down weak spots in a computer system.
This article presents several fundamental directions that are simple, will improve web application security and teach you to keep it under control.
Log management is a part of any server administrator’s responsibility and a part of security solutions. Here you can find some tips on the critical logs that you need for incident investigation and response.
Here is a list of the most popular and useful nmap commands for port scanning, traffic tracing, getting IP info and many others.
Here is a list of the most popular tcpdump commands that the Dhound team uses to troubleshoot production networks or capture security events. Tcpdump is a command line network packet sniffer for Linux-based systems.
More and more companies are moving to cloud-based data and workloads, as this is a convenient and fast way to scale. All of these companies are faced with the problem of expanding their security to the new environment.
Hackers use increasingly complex and sophisticated techniques to crack the system and stay there undiscovered as long as possible.
All this makes us think that prevention is certainly good, but timely detection and incident response are more relevant in a world where you cannot prevent 100% of hacker attacks.
We are very pleased to announce that Dhound has received two prestigious awards from the popular B2B reviews portal FinancesOnline. Additionally, Dhound was recognized in the top list of cyber security software tools.