Knowledge Base for Penetration Testing
In this article, you will learn how to create secure HTTPS gateways on Kubernetes. We will use Cert Manager to generate TLS/SSL certificates. With Istio we can create secure HTTPS gateways and expose them outside a Kubernetes cluster. Our test application is built on top of Spring Boot. We will consider two different ways of […]
Mobile device management (MDM) is the process of tracking, controlling, and securing the organization’s mobile infrastructure. MDM solutions are usually web-based platforms that enable administrators to work from a centralized console. Using MDM, the organization can enforce its security policies, as well as manage applications, data, and other content, all at once on every mobile […]
Hardware and software should be hardened as much as possible before it is added to a network. Organizations should make the assumption that the device or application is not safe when they receive it. The client should research and identify any issues that the manufacturer or publisher are already aware of. All known vulnerabilities should […]
Password Hashing and Encryption The following list includes mitigation strategies you will want to present to your clients concerning secure password storage and transmission: Multi-Factor Authentication Just a few years ago, the cost of implementing multi-factor authentication could be quite high. More recently, it has become very affordable, costing as little as $10 USD per […]
Insecure Coding Practices Most of the previous exploits are made possible due to poor coding practices during development. You should attempt to leverage these mistakes whenever you can. The following are examples of insecure coding practices. Note that these apply to most types of software, not just web apps: Reverse Engineering Reverse engineering, as applied […]
by