IT Security Blog by turingpoint

Blog posts about IT security in general, penetration testing, cloud security and red teaming from our team.
Man-in-the-Browser Attacks
Man-in-the-Browser Attacks
New

The man-in-the-browser attack is a form of man-in-the-middle attack in which an attacker takes control of the browser.

More
Log4j - Critical Zero-Day Vulnerability in Logging Library
Log4j - Critical Zero-Day Vulnerability in Logging Library

The Log4Shell zero-day vulnerability is considered highly security-critical. It allows attackers to execute arbitrary code.

More
What does the Coalition Agreement say about Cyber Security and Digital Civil Rights?
What does the Coalition Agreement say about Cyber Security and Digital Civil Rights?

The new coalition agreement aims to strengthen the law on the Internet and advance society in terms of cyber security.

More
The new OWASP Top 10 from 2021
The new OWASP Top 10 from 2021

There are three new categories in the OWASP Top 10 and the prioritization of some already known categories has changed.

More
Node Package Manager Security - Everything about NPM Package Security
Node Package Manager Security - Everything about NPM Package Security

Numerous versions you can use for the Node Package Manager update may be contaminated with malicious code, according to repository officials.

More
Vulnerabilities in GraphQL - Overview and Case Studies
Vulnerabilities in GraphQL - Overview and Case Studies

This disclosure capability of GraphQL is both strength and weakness at the same time and should be tested accordingly.

More
Error culture in the IT department - How an open Approach to Errors Promotes the Security Level of Companies
Error culture in the IT department - How an open Approach to Errors Promotes the Security Level of Companies

The reasons for penetration testing are numerous and yet, from a legal perspective, they are often in a gray area.

More