Pentesters, Don't Overblow the Risks of Your Findings

Recently we got a call from a concerned client: A penetration testing firm engaged by one of their branch offices had reported a major vulnerability in a mobile app! The finding was in a core techn...

Why You Should Be Looking for Zero Day Vulnerabilities During Pen Tests

Penetration testing is a creative endeavor: The goal is to find vulnerabilities an attacker would exploit, using the same tools and methods the attacker would use. Experienced attackers don't shy a...

Security and ATMs - Part 1: Software, Hardware and Attack Surface.

For the last eight years I have worked on various consumer banking ATM deployments for international banks in the Asia / Pacific region, including New Zealand, Singapore, Indonesia and Taiwan. This...

How to conveniently export Burp findings to Dradis tables

Reporting for security testing projects can be a cumbersome and mind-numbing task, especially if you still stick to Word templates and have to dig for vulnerability descriptions in old reports. For ...