Injection – What is it?

In the third entry of this ten-part blog series, we will take a brief look at A03:2021: Injection.   According to its high placement on the OWASP Top Ten list, web applications are often found to be vulnerable to Injection attacks through multiple vectors.   Injection attacks can occur if an application sends untrusted data to an […]

Read More

Cryptographic Failures – What is it?

In the second entry of this ten-part blog series, we will be taking a look at A02:2021: Cryptographic Failures. This, the second entry in OWASP’s Top Ten list is described as more of a broad symptom rather than a root cause of vulnerability, and specifically points at failures that occur owing to a lack of […]

Read More

OWASP Top Ten Web Application Risks

The team here at CyberWhite are going to put together a ten-part blog series on the globally recognised OWASP Top Ten list for web application security risks. This list is ordered in terms of prevalence, exploitability, detectability, and impact.  To begin this blog series, we will start by looking at A01:2021-Broken Access Control, moving up […]

Read More

Why is cloud penetration testing important?

Today, more businesses than ever use external computing infrastructure like cloud services to support their operations. It allows businesses to save money and scale operations without investing in physical infrastructure. While this is useful, it also creates another avenue which for malicious parties to exploit. As such, in cyber security it’s important that organisations have […]

Read More

AppCheck Webinar – Rewatch

Appcheck’s webinar on understanding authentication vulnerabilities, is now available to download and view on demand. Please scroll down for instructions on how to download your own copy of the recording. About this event In this webinar AppCheck Ltd’s Director of R&D Nick Blundell will build up an understanding of authentication vulnerabilities, exploring: • Brute-forcing credentials […]

Read More

Phishing – Cyber Security Awareness Month

Cyber Security Awareness Month – Phishing To raise awareness of #cybersecurityawarenessmonth, we would like to talk about phishing today. Phishing is when a hacker will attempt to trick you into clicking a ‘bad link’ that will download malware, or direct you to a harmful website. They can often come in the disguise of a genuine […]

Read More

Business Unmuted – Jobs, Energy Misselling and Cyber Security

It was fantastic to get involved with this weeks Business Unmuted LIVE recording with Graham Robb and Recognition PR.  Our Director, David Horn, was there to represent Cyber security, while he was also joined by Marion Marsland of TICA and Business Energy Claims boss, Callum Thompson. https://cyberwhite.co.uk/wp-content/uploads/2021/08/Business-Unmuted-Episode-29_-Jobs-Energy-Misselling-and-Cyber-Security-NEW.mp4 During the discussion they talked about several topics including; – Ransomware Attacks. – […]

Read More

AppCheck Security Blog – When Encryption Goes bad

Customers new to the AppCheck platform can often be surprised at the number of vulnerabilities that AppCheck highlights relating to transport encryption offered on their services – unencrypted (plaintext) services, web applications with vulnerable cipher suites, encryption libraries containing exploitable flaws, registration forms that email users passwords in clear text. The list of checks that AppCheck performs […]

Read More

AppCheck vs OWASP Top 10 Vulnerabilities

What is the OWASP top 10? How does AppCheck stack up against the top 10? OWASP (Open Web Application Security Project) is an organisation that provides unbiased information and advice around computer and internet applications. The OWASP community regularly come together to review what it believes to be the ten most critical security risks to […]

Read More