Risks of Using HTTP For Your Web Application For modern web applications, the average user will interact over a secure protocol for communication (i.e. HTTPS, or Hypertext Transfer Protocol Secure). However, it’s not uncommon to encounter a web application hosted in an internal corporate environment using the less secure HTTP (Hypertext Transfer Protocol) which communicates […]
Disabling Machine Account Creation Since Windows 2000, Microsoft has enabled the ability for all users to create up to 10 machine accounts by default. This is a “feature” implemented by Microsoft that inadvertently introduces potential vulnerabilities within an Active Directory environment. Secure deployment should ensure that Machine Account creation is limited to specific users or […]
A common theme amongst clients when conducting penetration tests is a large attack surface. Generally, the biggest risk is amongst externally exposed assets. However, this can be related to internal penetration tests and web application penetration tests. This blog post will briefly examine the biggest risks associated with a large attack surface. Unknown Assets It […]
This process, involving the simulated attack on a network to identify vulnerabilities, is critical for maintaining the integrity and confidentiality of an organization’s data. However, there’s a crucial aspect often neglected during these tests: application security testing.
Lucid Security is a Veteran owned cybersecurity solutions company focused on offensive security and penetration testing.