Risks of Using HTTP For Your Web Application For modern web applications, the average user will interact over a secure protocol for communication (i.e. HTTPS, or Hypertext Transfer Protocol Secure). However, it’s not uncommon to encounter a web application hosted in an internal corporate environment using the less secure HTTP (Hypertext Transfer Protocol) which communicates […]
Disabling Machine Account Creation Since Windows 2000, Microsoft has enabled the ability for all users to create up to 10 machine accounts by default. This is a “feature” implemented by Microsoft that inadvertently introduces potential vulnerabilities within an Active Directory environment. Secure deployment should ensure that Machine Account creation is limited to specific users or […]
What is a vulnerability scan? How does it differ from a Contact us? What are the benefits of a vulnerability scan? How often should you conduct a vulnerability scan? This article answers all these questions! What is a vulnerability scan? A vulnerability scan is essentially an automated process to identify potential security risks associated with […]
External penetration tests often require organizations to safeguard their external perimeter against threats, whether for compliance, banking, or client requirements. However, it can be a daunting task which may have you wondering, “What can go wrong during a penetration test?”. This blog post examines the risks and will empower you to address these issues before […]
Lucid Security Engineers regularly encounter HTTP headers during web application or network penetration testing that reveal potentially sensitive information such as application architecture, server versions, or information about the underlying host system. These types of information disclosure vulnerabilities can be utilized by attackers to quickly determine vulnerable server versions and perform more targeted attacks. As […]
In the digital age, where cyber threats loom larger and more sophisticated than ever, organizations must fortify their defenses to protect sensitive data and maintain trust. The Center for Internet Security (CIS) Critical Security Controls, commonly referred to as the CIS Top 18, provides a strategic framework for mitigating the most prevalent cyber risks. However, […]
Lucid Security is a Veteran owned cybersecurity solutions company focused on offensive security and penetration testing.