Unfortunately, many SAML consumers don’t validate responses properly, allowing attacks up to and including full authentication bypass.
The following post aims to provide a high-level overview of an iOS application security review methodology and an introduction to some publicly available tools for performing the analysis.
Your Strict Transport Security policy may not be as strict as you think. A common misconfiguration can lead to a surprising amount of plaintext leakage.