Blog

November 2016

OWASP Security Conference @ Evozon

November 2nd, 2016|Cyber Security|

Evozon’s Cyber Security Division will host the 11th OWASP Cluj-Napoca Chapter meeting and, unlike previous editions, the meeting will feature 2 parallel tracks: “Integrating security as a service in software product development” - Presentation held by Andrei Pușoiu Security must be integrated into the development process of each application, no matter its type or purpose. [...]

Our team hacked the bank @ DefCamp

November 11th, 2016|Uncategorized|

They did it. Our team of security professionals hacked the ECorp Bank at DefCamp 2016 in the "Hack the Bank" contest. They had an account with 1 RON and increased their debit to 1.000.000 RON. Let's hear more about how they did it - "At first we aimed for bypassing the logic of the application and checked for [...]

July 2016

PIN Code Authentication Bypass

July 6th, 2016|Cyber Security|

While performing a Penetration Test for a web application, an important part is testing the Authentication process. Even if usually it is a standard authentication process or it issues a well-known authentication framework made for security purposes, we still can find vulnerabilities in the implementation of it. For example, applications may rely on client side data [...]

June 2016

Vulnerability Assessment vs. Penetration Testing

June 23rd, 2016|Cyber Security|

When developing a website or an application, security testing is one of the most important part, as having a secure and trustworthy software is what any user is looking for. When it comes to choosing the best approach in security testing, there are two widely used approaches: vulnerability assessment or penetration testing. The choice between them must [...]

When does your company need security testing

June 23rd, 2016|Cyber Security|

A general impression about security testing that most of the companies have is that it is a process of hacking a website after the developing parts is done and/or the application is launched. This idea still stands up because the cyber security field was poorly addressed, or even ignored by most of software development companies, even [...]