Berezha Security Blog
Veracode announces a free Community Edition of Veracode Security Labs – a platform aimed to give a comprehensive sandbox environment to research and practice static code analysis. The concept behind is pretty similar to PortSwigger Web Security Academy – another great tool that allows practicing dynamic application security testing.
It’s pretty understandable that a tech person likes hands-on work and doesn’t like any related overhead, including documentation. Similarly, penetration testers love finding vulnerabilities and much less like reporting them. However, the business value comes not from the finding itself, but from its proper communication to the client and actionable remediation measures that may help fix it. So, the report is as important as the finding, not saying that it’s, in fact, the only tangible deliverable of an application security assessment. We’d like to give you an overview of the path you have to take on your way to a mature report. We’re not yet on the peak of this mountain ourselves; however, we can see the route from where we are now. So, let’s take a look at it.
Many online services provide you various passive or active security checks. If your web site has been connected to the internet for a while, chances are quite a few analytics gathering services have already noticed it. Some of them allow you to search their pre-scanned databases, while the others let you run benign vulnerability scans. Checking your domain name against their database is a proper security check-up.
Each time after hosting a Nonamecon or OWASP Kyiv event, my mailbox is flooded by messages from people asking if we have job openings. How can one join our company? Here is my CV! And after getting a response, they ask how they can improve it.
Today we are announcing our Web Application Pentester Training course. Berezha provides Secure Development Awareness training in the corporate setting for a few years now. Today, in addition to this business product, we launch a training program that every individual could join. What is the goal, and what is the difference?
In response to the global outbreak of COVID-19 caused by the new type of coronavirus, Berezha Security switches to Work from Home mode and postpones all on-site engagements. We assure all our clients and partners that this will not affect the timeliness of project results or any other terms and agreements.
Berezha Security is a rather small offensive security consultancy focused around high quality of results and long-term partnerships with every client. However, we find a lot of bugs, too, so we try to keep you up to date with what we find. Last year we listed Top-5 flaws that have let us into the clients’ infrastructure. This year we have decided to publish all the bugs that made us stop all pentesting activities, report the findings, and work with the clients to fix them as soon as possible. We rate this kind of bugs as Critical and deem them as all-stop events, the same way we treat finding an “incident in action” or obtaining access to large amounts of highly-sensitive data. So the bugs that made us freeze in 2019 are.
Berezha Security provided Application Security training to software developers and got all-five rating on Clutch.
Dear cybersecurity community, we are happy to start 2020 by opening a position of Penetration Tester in our Kyiv office. To submit your resume, go to https://berezhasecurity.com/#Contact and select ‘‘Work at Berezha” in the contact form. Please make sure you provide a URL to your CV or just send a copy to [email protected] Although we will carefully review and consider all received CVs, we guarantee an invitation for the interview to the professionals who demonstrated any of the following achievements…
We send warm thanks to all our customers and partners: we greatly appreciate the trust you put in us and we will go on doing our best to meet your expectations! We greatly appreciate the work our team puts into the services we provide and we are proud to have every...
+380 (44) 364 7336 +1 (315) 303 2323
6 Nimanska St., 41, Kyiv, Ukraine 01103
77 Sichovykh Striltsiv St., Kyiv, Ukraine