SecurityTrails Blog

IP Reconnaissance for Bug Bounty Hunters with SurfaceBrowser™.
SecurityTrails Blog · Mar 25 · by Esteban Borges

IP reconnaissance is often the starting point of any security research or bug hunt. This is simply because scanning an IP address can lead you to the individual host in question, and once you’ve found the host, the possibilities are limitless. From there you may find running services, open ports, databases, unsecured files and much more. Everything begins with finding and scanning the IP address.

Host Discovery Tips for Bug Bounty Hunters with the SecurityTrails API.
SecurityTrails Blog · Mar 18 · by Gianni Perez

Despite a growing corpus of dire predictions and research surrounding the state of information security at large, companies continue to expand their digital footprint to encompass a vast array of cutting-edge, yet often dissimilar, architectures. From a historical perspective, there is nothing new under the sun at play here; after all, information technology patent citations have steadily dominated those of adjacent industries at least since the 1970s, creating a constant influx of knowledge spillover and innovation that accounts for the exponential growth.

Channeling the Wisdom of the Crowd: Talking with Intigriti's Stijn Jans and Inti De Ceukelaire.
SecurityTrails Blog · Mar 16 · by Sara Jelen

With the boom of data-driven organizations and the adoption of technological advancements, cybersecurity threats are also getting more sophisticated. The fast-changing nature of cybersecurity and the sheer number of threats and vulnerabilities require organizations to stay on top of protecting their assets and data from attackers.

10 Backend Security Risks and Tips on How to Prevent Them.
SecurityTrails Blog · Mar 11 · by Esteban Borges

With modern web applications’ backends consisting of multiple servers, containers running different applications (often built from templates), and numerous software services, including web servers, databases, web proxies, and the like, you can see how vital it is to secure every single part of the backend. Otherwise, your entire web application’s safety and security are at risk.

Trojans: Definition, Types and Protection.
SecurityTrails Blog · Mar 09 · by Sara Jelen

Some cybersecurity threats are so old-school that you don’t really hear that much about them—and they might even appear to slow down over the years. But since the beginning of the COVID-19 pandemic, threat actors and malware authors have been finding new ways to exploit the situation the world has found itself in. One of the most common tactics we’re seeing is the use of trojans.

Axiom: A Distributed Hacking Framework for Pentesters and Red Teamers.
SecurityTrails Blog · Mar 04 · by Gianni Perez

With the arrival of the concept known as dynamic cloud a few years ago, leaders in the computing and security industries immediately seized the opportunity. Not only did this new paradigm offer flexibility and scalability, its dynamic nature also entailed a more diverse portfolio of applications and similar consumables, readily available and masterfully presented as a single, coherent platform. To security practitioners, and to penetration testers in particular, this newfound agility forever transformed the traditional in-house penetration-testing ecosystem into an entirely dynamic framework.

Building a Career in Incident Response With Cybersec Meg.
SecurityTrails Blog · Mar 02 · by Sara Jelen

Cybersecurity is one of the fastest-growing industries, while cybersecurity professionals are some of the most valuable workers of any organization, regardless of the industry. There is some talk of a cybersecurity skills gap that claims a shortage of professionals, but is that true? Or is gatekeeping dictating unrealistic expectations for entry-level positions, making it harder for newcomers to break into the industry?