HTTP headers and web application security: an underrated layer of defence
Discussions around web application security typically focus on backend logic, authentication, WAFs or vulnerability assessments. However, there is a layer that rarely receives attention, despite...

Session fixation: An underestimated threat
Session fixation rarely receives the same level of attention as vulnerabilities such as XSS or SQL injection. The reason is simple: it's less visible, harder to understand, and does not present itself as a classic break-in...

What does an ethical hacker do? – And why it is a business question
Spoiler: an ethical hacker – aka pentester – is not sitting in a dark basement wearing a black hoodie, even if Hollywood has done a remarkably good job convincing us otherwise. So what does an ethical...

Clickjacking: When a click doesn't mean what you think
In the world of web security, many attacks rely on complex exploits, vulnerable code or poorly configured systems, but clickjacking belongs to a very different category. Here, the attacker's goal is not to break...

Password policy explained: What makes a good password?
Passwords remain the most widely used authentication mechanism in the digital world. That's why the "good password" is kinda treated as the Holy Grail. Banking applications, enterprise systems, cloud platforms,...