PwnDefend

API Security Testing

Introduction

I sometimes wonder in the security industry if part of the issue with adoption of good practices is sometimes partly a self-created problem. Don’t get me wrong, I’m not saying people go out of their way to make it harder to secure things, but I think that getting the right information to the right people in the right format is important.

An area I find that general/common knowledge is lacking is around security testing (penetration testing, adversary simulations and red teaming). In today’s blog I’m going to talk through the high-level steps that are conducted when testing APIs to try and remove some of the veil that I think surrounds this space. In this blog I’m going to talk through our approach to API testing to help you not only understand how we do it but also to help you scope your testing requirements, regardless of who does the testing! After all, sharing is caring!


Get your dark knight on to create a brighter…

Capturing all the flags

For BSIDES Leeds 2020 we’ve pulled out the stops and created a new CTF game which features both offensive and defensive challenges. The arena includes a number of servers, so you will need to get your pivot on if you are going to breach the crown jewels!

We’ve teamed up with Sky Betting Group to create a CTF which includes both old and new technologies for BSIDES. It features traditional CTF puzzles alongside a PwnDefend norm, an arena network featuring Windows targets!

The games start in line with BSIDES Leeds: at 0900 on the 24th January 2020 the following URL will light up with flags across the virtual globe on the Facebook CTF platform.

https://ctf.bsidesleedsctf.com

The challenges are designed for a range of skill levels and all are welcome. If you can use a web browser and know what the magic F12 button does, you are in with a chance of getting a flag or two!

I’ll also be presenting with my good friend Mathew Haines on the rookie track at 1400, where we are going to talk about CTFs and how people can get started (they aren’t just for those who prefer a hoodie!).

I want to give a big thanks to everyone who has helped! From the team at BSIDES Leeds (and the man Large Cardinal himself), through to Sky Betting Group’s Glenn Pegden for hosting the games platform and making some awesome games, through to community members Ben Bidmead (pry0c) from Navisec and Daniel Ward (@ghostinthecable), who made a community VM challenge!

I create PwnDefend games and content to benefit the community and to help people and organisations better defend themselves, so it’s great not only to have community support but also to be able to give back. It’s even better to be able to team up with the team from SBG to bring this to the community!

See you on the cyber battlefields!

For more info on the CTF, please visit:

https://www.bsidesleedsctf.com/

Copyright (c) Xservus Limited