Comparing Site Maps: Access Control Flaws

We come across broken access control vulnerabilities frequently during penetration testing engagements and it’s the most prevalent web application security risk on the 2021 OWASP Top 10. In today’s blog we’ll showcase how Burp Suite’s compare site map functionality can be used to help effectively identify access control flaws.   What is Broken Access Control? […]

DEFCON 31 Highlights

This year, the Predatech team jetted off to sunny Las Vegas to attend DEFCON 31. The event brought together cyber security professionals, hackers, researchers and enthusiasts to share knowledge and discuss cutting-edge developments. With so much to see in a long weekend the team was spoilt for choice with a range of talks, workshops and […]

What is CSRF and How Can You Prevent It?

Cross-site request forgery (CSRF) is a common web application vulnerability that can put users’ online accounts and sensitive information at risk. In this blog, we provide an overview of CSRF attacks, including how they work, what makes them dangerous, and what mitigations can be put in place to protect your application.   What is Cross-Site […]

How to Prepare for a Penetration Test

Penetration testing is often a critical component of a cyber security program. It can help you to identify where your systems need improvement and often expose major vulnerabilities that would otherwise have been exploited by attackers. But it’s not always clear how you can prepare and get the most out of testing. In this blog […]

Blind SQL Injection Exploitation Using Burp Suite

Currently regarded as the one of the greatest risks to web application security (and listed in third place in the OWASP Top 10 for 2021), injection is a class of vulnerability that sits at the core of developer security nightmares. Not only can the exploitation of an injection vulnerability lead to the compromise of sensitive […]

Securing Your Software Development Life Cycle

It’s been three decades since the advent of the World Wide Web and since then, web content has transformed from serving simple HTML files to delivering fully-fledged web applications brimming with rich functionality. Although this transformation has enabled developers to produce incredible products for users to consume, the dramatic increase in the complexity of web […]

Fingerprinting Web Application Technologies

When starting a web application penetration test, a fair bit of time is invested into mapping out the application and understanding its underlying technologies. Abraham Lincoln once famously said, “Give me six hours to chop down a tree and I will spend the first four sharpening the axe,” and it’s this same careful preparation that […]

Burp Suite for Web App Pentesting: Tool Showcase

In the age of increasingly complex and functionality rich web applications, the tools we use to dynamically test the security of these applications need to be both flexible and intuitive. Sometimes referred to as the ‘Swiss army knife’ of web application security testing, Burp Suite, fits the bill perfectly, and it’s something we use when […]

What is the OWASP Top 10?

What is OWASP? The Open Web Application Security Project (OWASP) is a community-led nonprofit foundation committed to improving the security of software. For 20 years OWASP has been a repository for web application security resources including documentation, tools, videos, and forums, all of which are freely available and accessible via their website. One of OWASP’s […]

How to Test and Secure a WordPress Site

WordPress is the most popular content management system in the world with over 40% of all websites running on this open-source platform. Given its popularity, WordPress’s core source code is regularly reviewed and heavily dissected by its community, making the core software relatively secure when compared to custom-built web applications. However, this doesn’t mean that […]