Penetration Testing for Universities: A Critical Cyber Security Solution

University networks are complex, open, and high-value. See how penetration testing for universities finds the gaps your internal team can’t see.
Session Management Vulnerabilities: What Developers Get Wrong and How to Fix Them

Session management flaws are almost always developer errors. Learn how attackers exploit them, and the exact controls needed to fix them.
Why Cyber Security in Education Is More Complex Than Most Organisations Realise

From ransomware to data exfiltration, UK universities face growing cyber threats. Learn how to build resilience and protect sensitive data.
Pentest Files: How A Single HTTP Header Unlocked Every Customer’s Data

A single HTTP header. Fully client-controlled. Trusted completely by the server. In this Pentest Files, Daniel shows how modifying one value in a routine API request was enough to pull user data from every organisation on a multi-tenant SaaS platform: no special privileges required, no complex exploit chain, just a for loop and an integer.
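The pattern the teaser describes, as an added illustration that is not code from the OnSecurity write-up or from the platform that was tested: a multi-tenant API that takes the tenant from a client-controlled header, the attacker's integer loop that enumerates every organisation through it, and a hardened handler that binds the tenant to the authenticated session and records any header that disagrees. The header name `X-Org-Id`, the organisation identifiers, the user records and the `AUDIT` log are all constructed for this example.

```python
# Added example, not the platform's or OnSecurity's own code.
# Header name, org ids and records are constructed for illustration.
from dataclasses import dataclass, field

# Constructed sample data: three tenants, each with its own users.
USERS_BY_ORG = {
    1: [{"id": 101, "email": "alice@org1.example"}],
    2: [{"id": 201, "email": "bob@org2.example"}],
    3: [{"id": 301, "email": "carol@org3.example"}],
}

# Constructed audit sink: where the hardened handler records header/session
# mismatches so the enumeration attempt is visible to defenders.
AUDIT = []


@dataclass
class Session:
    """Server-side session created at login; the tenant is fixed here."""
    user_id: int
    org_id: int


@dataclass
class Request:
    session: Session
    headers: dict = field(default_factory=dict)


def list_users_vulnerable(req):
    """Bug: the tenant is read from a header the client fully controls."""
    org_id = int(req.headers["X-Org-Id"])
    return 200, USERS_BY_ORG.get(org_id, [])


def list_users_fixed(req):
    """Fix: the tenant comes from the authenticated session only.

    A header that names a different tenant is never honoured; it is
    rejected and logged, because a legitimate client has no reason to
    send one that disagrees with its own session.
    """
    claimed = req.headers.get("X-Org-Id")
    if claimed is not None and int(claimed) != req.session.org_id:
        AUDIT.append({
            "user_id": req.session.user_id,
            "session_org": req.session.org_id,
            "claimed_org": int(claimed),
        })
        return 403, []
    return 200, USERS_BY_ORG.get(req.session.org_id, [])


def enumerate_orgs(handler, session, max_org_id):
    """The attacker's 'for loop and an integer': try every candidate id."""
    leaked = {}
    for org_id in range(1, max_org_id + 1):
        req = Request(session=session, headers={"X-Org-Id": str(org_id)})
        status, rows = handler(req)
        if status == 200 and rows:
            leaked[org_id] = rows
    return leaked


if __name__ == "__main__":
    attacker = Session(user_id=201, org_id=2)  # an ordinary user of org 2
    print("vulnerable:", enumerate_orgs(list_users_vulnerable, attacker, 5))
    print("fixed:     ", enumerate_orgs(list_users_fixed, attacker, 5))
    print("audit:     ", AUDIT)
```

Against the vulnerable handler the loop returns the users of every organisation; against the fixed handler it returns only the attacker's own organisation, and each out-of-tenant guess lands in the audit log, which is the detection signal a SOC can alert on.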
Pentest Files: Account Takeover Via Password Reset Token Disclosure

A critical flaw in a password reset API handed attackers a full account takeover in just two requests. See how our tester found it, how it works, and how to fix it.
Agentic AI Security Risks: What Businesses Need to Know

Explore agentic AI security risks, including memory poisoning, NHI sprawl, and tool misuse, and how businesses can safeguard autonomous AI systems.
Web Application Pentesting vs Network Pentesting: What’s the Difference?

Discover the key differences between web application pentesting vs network pentesting, when you need each type, and why both are essential for comprehensive security.
Secure by Design in Practice: A Guide for UK Government Product and Delivery Teams

A practical guide to implementing Secure by Design in UK government product delivery. Covers risk-driven design, lifecycle security activities, compliance with the PSTI Act, and how regular penetration testing keeps your security posture continuously validated.
Pentest Files: Hijacking Admin Invitations to Bypass the Login Wall

OnSecurity’s Pentest Files uncovers the latest vulnerabilities and the real-life remediation steps that protect businesses from malicious attack. In this article we find out how our Head of Pentesting was able to hijack admin invitations to bypass the login wall in a client’s infrastructure.
Pentest Files: Log File Injection Leading to Remote Code Execution

OnSecurity’s Pentest Files uncovers the latest vulnerabilities and the real-life remediation steps that protect businesses from malicious attack. In this article we find out how Craig discovered a log file injection that led to remote code execution.