Authentication Security for SaaS Startups: What to Get Right

A practical guide to authentication security for SaaS startups. Passwords, MFA, session management, and the mistakes we find most often in real-world testing.

AI penetration testing tools may be sending your sensitive data to third-party LLMs without your knowledge. Before you sign a contract, here are the questions your vendor should be able to answer.

What is LLMNR? Link-Local Multicast Name Resolution (LLMNR) is a network protocol that acts as a fallback mechanism for DNS…

Following on from our previous blog post on scoping a web application assessment, we’ll be taking a look at what…

Your business or organisation is planning to have a penetration test – but you’ve never had one before. Let’s run…

The risks of poisoning attacks against Net-NTLMv1 have grown with the release of an 8.6TB rainbow table. Net-NTLMv1 isn’t fully…

Vibe coding is a modern-day buzzword for prompt-driven, AI-assisted development. Over the last few years there has been an…

What is DKIM? DKIM (DomainKeys Identified Mail) is an email authentication method that allows a domain to sign its emails…

What is DMARC? DMARC (Domain-based Message Authentication, Reporting, and Conformance) is a security mechanism that works alongside SPF (Sender Policy…