Blog

Cross Site Scripting Strikes Again

Not-So-Private Personal Data

While browsing the internet looking for interesting things, I happened upon a site used for research purposes around DNA kits. The site was interesting; it lets users compare DNA kits to learn a range of information about…

Debugging in Production: Turn it Off!

Sometimes our assessments surprise us, not because of what issue we identified, but how we identified it. A client hired Packet Ninjas for a routine External Network Assessment. They gave us their external range, but it was not the most up to…

Cross Site Scripting and Rickrolling: Our Favorite Findings

Today, in our favorite finding series, I will be talking about one of my favorite vulnerability classes: Cross Site Scripting (XSS), and how untrustworthy actors can use it to do unexpected things to your website. Before we begin, I want…

Intuit Password Recovery Error

A few months ago, I was fiddling around with some Intuit applications as I had made a commitment to better track my finances. To my surprise, when I tried to make an account, I was receiving an error that there…

Mobile App Encryption Bad Practices

Recently at Packet Ninjas, we have been getting a lot of questions about the kind of testing we do here. I thought this would be a good opportunity to write a few articles about some of my favorite findings. I…

Seven Most Common Web and Mobile Application Issues

One of the first places to begin probing for vulnerabilities is your web or mobile applications. After all, these are often the public face of your organization. Unfortunately, people often miss crucial elements of application security. Whether they are web…
