Securing https://www.securing.pl/en/ Mon, 03 Mar 2025 11:55:19 +0000

The Tick – The Next Evolution in RFID Security Testing! https://www.securing.pl/en/the-tick-the-next-evolution-in-rfid-security-testing/ Fri, 28 Feb 2025 13:26:10 +0000 https://www.securing.pl/?p=15124 The Tick is a powerful and discreet access control system implant designed for red teamers, security auditors, and hardware hackers.

Threat-Led Penetration Testing (TLPT) – How to be DORA compliant in 2025? https://www.securing.pl/en/threat-led-penetration-testing-tlpt-how-to-be-dora-compliant-in-2025/ Fri, 28 Feb 2025 07:59:41 +0000 https://www.securing.pl/?p=15048 The Digital Operational Resilience Act (DORA), coming into effect in January 2025, imposes new cyber-resilience obligations on financial institutions in the European Union.

CVE-2025-26788: Passkey Authentication Bypass in StrongKey FIDO Server https://www.securing.pl/en/cve-2025-26788-passkey-authentication-bypass-in-strongkey-fido-server/ Fri, 14 Feb 2025 12:10:30 +0000 https://www.securing.pl/?p=14906 A vulnerability in the StrongKey FIDO Server Non-Discoverable Credential Authentication flow allowed an attacker to take over the account of any user.

The year in review: The most interesting Single Sign-On vulnerabilities of 2024 https://www.securing.pl/en/the-year-in-review-the-most-interesting-single-sign-on-vulnerabilities-of-2024/ Mon, 27 Jan 2025 11:52:01 +0000 https://www.securing.pl/?p=14721 Check out a summary of 2024’s most interesting Single Sign-On vulnerabilities, and make sure your company is not vulnerable to last year’s security misconfigurations.

CVE-2024-50603: Aviatrix Network Controller Command Injection Vulnerability https://www.securing.pl/en/cve-2024-50603-aviatrix-network-controller-command-injection-vulnerability/ Tue, 07 Jan 2025 14:14:06 +0000 https://www.securing.pl/?p=14135 Due to improper neutralization of user-controllable input before it is passed for execution, an unauthenticated attacker can send a payload that is executed on the Aviatrix Network Controller.

New Year, New IAM: A reasonable approach to Identity and Access Management in 2025 https://www.securing.pl/en/new-year-new-iam-a-reasonable-approach-to-identity-and-access-management-in-2025/ Tue, 17 Dec 2024 14:45:25 +0000 https://www.securing.pl/?p=14044 As 2024 ends, it's the perfect time to reflect on what 2025 might bring for Identity and Access Management (IAM). This article offers practical New Year's resolutions to enhance your company's IAM security with achievable goals.

Making iOS apps secure with iOS Security Suite (ISS) https://www.securing.pl/en/making-ios-apps-secure-with-ios-security-suite-iss/ Wed, 11 Dec 2024 14:44:28 +0000 https://www.securing.pl/?p=14007 iOS Security Suite (ISS) is an advanced and easy-to-use platform security & anti-tampering library written in pure Swift!

Red Teaming in practice: Physical Security Testing tutorial https://www.securing.pl/en/red-teaming-in-practice-physical-security-testing-tutorial/ Tue, 05 Nov 2024 19:54:57 +0000 https://www.securing.pl/?p=13928 Red teaming represents a unique approach to assessing an organization's security posture. Learn how to hack access control systems and RFID readers and break into organizations with style.

Baking Mojolicious Cookies revisited: a case study of solving security problems through security by obscurity https://www.securing.pl/en/baking-mojolicious-cookies-revisited-a-case-study-of-solving-security-problems-through-security-by-obscurity/ Tue, 29 Oct 2024 09:03:46 +0000 https://www.securing.pl/?p=13877 Known for its agility and simplicity, the Mojolicious framework is especially valued in niche industries with a Perl heritage. In our recent security assessment, the use of under-the-radar technology introduced unique features and challenges. Learn how we overcame these difficulties.

Security of External Dependencies in CI/CD Workflows https://www.securing.pl/en/security-of-external-dependencies-in-ci-cd-workflows/ Wed, 09 Oct 2024 12:34:11 +0000 https://www.securing.pl/?p=13672 Use of external dependencies in build processes brings common security risks related to code integrity. But have you considered all of them?
