Bridging The Security Gap
During our penetration testing activities, we are often confronted with environments that are built from off-the-shelf or open source third-party components and frameworks. Although off-the-shelf or open source may suggest a certain level of security, we always advise including such elements in the scope of the test, as you never know what you may find.
Recently, I was talking with a friend and they brought up the subject of my job. After explaining that I get to hack into companies’ websites, networks and whatnot, they asked the Inevitable Question that tends to follow in such a conversation:
“So, how do you actually hack a website?”