Risks of Using HTTP For Your Web Application For modern web applications, the average user will interact over a secure protocol for communication (i.e. HTTPS, or Hypertext Transfer Protocol Secure). However, it’s not uncommon to encounter a web application hosted in an internal corporate environment using the less secure HTTP (Hypertext Transfer Protocol) which communicates […]
Disabling Machine Account Creation Since Windows 2000, Microsoft has enabled the ability for all users to create up to 10 machine accounts by default. This is a “feature” implemented by Microsoft that inadvertently introduces potential vulnerabilities within an Active Directory environment. Secure deployment should ensure that Machine Account creation is limited to specific users or […]
What is a Web Application Penetration Test? The Open Web Application Security Project (OWASP) defines a web application security test as “…an active analysis of the application for any weaknesses, technical flaws, or vulnerabilities”. This is an excellent definition of a web application penetration test, but this article will dive a bit deeper in why […]
A common theme amongst clients when conducting penetration tests is a large attack surface. Generally, the biggest risk is amongst externally exposed assets. However, this can be related to internal penetration tests and web application penetration tests. This blog post will briefly examine the biggest risks associated with a large attack surface. Unknown Assets It […]
Social media has become an integral part of our daily lives, both personally and professionally. Whether you’re promoting your business, sharing updates with your audience, or connecting with friends, the way you present yourself on social media can significantly impact your online presence. However, navigating the world of social media can be tricky, and even […]
In the realm of software development, the open-source ecosystem plays a pivotal role, enabling developers to leverage pre-existing code libraries and packages to expedite the development process. However, the dynamics of open-source software come with their own set of security challenges, one of which revolves around the changing ownership of packages. While changing package owners […]
In the digital age, where technology dominates almost every aspect of our lives, the threat of cyber attacks looms large, particularly in the workplace. As businesses increasingly rely on digital systems and data storage, the risk of falling victim to malicious cyber activity has never been greater. The consequences of such attacks can be devastating, […]
Lucid Security is a Veteran owned cybersecurity solutions company focused on offensive security and penetration testing.