Risks of Using HTTP For Your Web Application For modern web applications, the average user will interact over a secure protocol for communication (i.e. HTTPS, or Hypertext Transfer Protocol Secure). However, it’s not uncommon to encounter a web application hosted in an internal corporate environment using the less secure HTTP (Hypertext Transfer Protocol) which communicates […]
Disabling Machine Account Creation Since Windows 2000, Microsoft has enabled the ability for all users to create up to 10 machine accounts by default. This is a “feature” implemented by Microsoft that inadvertently introduces potential vulnerabilities within an Active Directory environment. Secure deployment should ensure that Machine Account creation is limited to specific users or […]
What is a Web Application Penetration Test? The Open Web Application Security Project (OWASP) defines a web application security test as “…an active analysis of the application for any weaknesses, technical flaws, or vulnerabilities”. This is an excellent definition of a web application penetration test, but this article will dive a bit deeper in why […]
A common theme amongst clients when conducting penetration tests is a large attack surface. Generally, the biggest risk is amongst externally exposed assets. However, this can be related to internal penetration tests and web application penetration tests. This blog post will briefly examine the biggest risks associated with a large attack surface. Unknown Assets It […]
What is the difference between a vulnerability scan and a penetration test? A common question many client’s may ask, is what is the difference between a vulnerability scan and a penetration test? This blog post will go into addressing the similarities and differences of each activity. What is a Vulnerability Scan? A vulnerability scan is […]
External penetration tests often require organizations to safeguard their external perimeter against threats, whether for compliance, banking, or client requirements. However, it can be a daunting task which may have you wondering, “What can go wrong during a penetration test?”. This blog post examines the risks and will empower you to address these issues before […]
What is an External Penetration Test? Before diving into what an external penetration test entails, let’s first recap what a penetration test involves. A penetration test simulates an attack on a network, application, device, location, controls, or humans in a controlled environment. Lucid Security conducts external penetration tests by simulating attacks on their internet-facing assets. […]
This process, involving the simulated attack on a network to identify vulnerabilities, is critical for maintaining the integrity and confidentiality of an organization’s data. However, there’s a crucial aspect often neglected during these tests: application security testing.
Lucid Security Engineers regularly encounter HTTP headers during web application or network penetration testing that reveal potentially sensitive information such as application architecture, server versions, or information about the underlying host system. These types of information disclosure vulnerabilities can be utilized by attackers to quickly determine vulnerable server versions and perform more targeted attacks. As […]
Asking “What can go wrong during a penetration test?” before initiating an assessment is both wise and prudent. This blog post outlines the risks associated with penetration testing and strategies to mitigate these risks. Downtime or Disruptions One of the top concerns client’s have about what can go wrong during a penetration test is downtime […]
Lucid Security is a Veteran owned cybersecurity solutions company focused on offensive security and penetration testing.