Resource Center  >  Blog  

Admir Dizdar
penetration testing tools

Penetration Testing Tools: 10 Tools to Supercharge Your Pentests

Penetration testing (pentesting) is a simulated attack launched for the purpose of uncovering security vulnerabilities. A pentest helps organizations discover security gaps, using a realistic simulation of a cyber attack, which does not cause damage or expose sensitive data. 

What Is DNS Tunneling and How to Detect and Prevent Attacks

DNS tunneling is a DNS attack technique that involves encoding the information of other protocols or programs in DNS queries and responses. DNS tunneling generally features data payloads which can latch onto a target DNS server, allowing the attacker to manage applications and the remote server. 

11 API Security Best Practices You Must Know

API security is the use of any security practice relating to application programming interfaces (APIs), which are common in modern applications. API security involves managing API privacy and access control and the identification and remediation of attacks on APIs. These attacks exploit API vulnerabilities or reverse engineer APIs. 

OWASP ZAP: 8 Key Features and How to Get Started

OWASP Zed Attack Proxy (ZAP) is a free security tool actively maintained by international volunteers. It automatically identifies web application security vulnerabilities during development and testing. Experienced penetration testers can use OWASP ZAP to perform manual security testing.

Cypress Testing: The Basics and a Quick Tutorial

Cypress provides an integrated development environment (IDE) that you can load in your browser. The framework employs an event-based architecture that connects with Google Chrome’s lifecycle events. It enables Chrome to wait for Ajax requests to complete without using a timeout or polling mechanism, leading to faster and more reliable tests.

Unit Testing in Node.js: The Basics and a Quick Tutorial

To do unit testing in Node.js, you will typically use a JavaScript unit testing framework. Common frameworks include Mocha, Jest, Jasmine, and Cypress. We’ll show how to do Node.js unit testing in Jest.

OWASP Top 10 API Security Threats

What Is the Open Web Application Security Project (OWASP)? The Open Web Application Security Project (OWASP) is a non-profit foundation by a global community dedicated to providing free application security resources. OWASP offers guidance on developing and maintaining secure software applications. The goal is to educate software architects, developers, and business owners about security risks. 

SSRF Attack: Impact, Types, and Attack Example

What Is SSRF Attack? Web applications often trigger requests between HTTP servers. These requests are typically used to fetch remote resources such as software updates, retrieve metadata from remote URLs, or communicate with other web applications. If not implemented correctly, these server-to-server requests can be vulnerable to server-side request forgery (SSRF). SSRF is an attack

Get Started
Read Bright Security reviews on G2