Pen testing walkthroughs, compliance field notes, cloud attack chains and thought leadership from the CyberFortify offensive security team. Written by practitioners, for practitioners.
Five years of OWASP data, mapped against hundreds of actual pen test findings. Broken Access Control still leads - but SSRF, injection, and insecure design have shifted in ways the updated list doesn't fully capture. Here's what we're actually finding in 2026.
Rootless jailbreaks, TrustKit, Network.framework, and custom pinning implementations. A full walkthrough of every technique we use in mobile pen tests today - and what to do when Objection doesn't work.
The full attack chain: SSRF entry point to AWS metadata service to IAM credential theft to STS AssumeRole privilege escalation. With real request examples, Azure/GCP equivalents, and remediation that actually works.
Object-level authorization failures are OWASP API Top 10 #1 for a reason - and automated scanners are structurally incapable of finding them. Here's how we test for BOLA manually, including GraphQL variants and compound key patterns.
Requirement 11.4.5 tightened significantly in PCI DSS v4.0. QSAs now expect evidence that your segmentation controls actively prevent CDE-scope expansion. Here's what the test must cover, what auditors reject, and what a passing deliverable looks like.
The most expensive mistake in security procurement is buying the wrong engagement type. Pen tests that should have been red teams, red teams that should have been pen tests - and the questions that tell you which you actually need.
Clickjacking (UI redressing) requires no malware and no XSS - just a transparent iframe and an authenticated session. Attack anatomy, six real variants, X-Frame-Options vs CSP frame-ancestors, frame busting bypasses, and a six-point prevention checklist.
SPAs, GraphQL, edge functions, AI-powered apps - the attack surface has changed. So has the toolchain. A practitioner's guide to the proxy tools, recon utilities, API testing rigs, and specialized scanners we use in 2026 engagements.
Compliance gives you a documented security posture. Protection gives you an actual one. Most organisations discover the gap between them during a breach. Here's how consulting bridges it - and what a mature programme looks like when both are working.
SOC 2, ISO 27001, PCI DSS, HIPAA, GDPR, FTC Safeguards, CMMC - the regulatory landscape compounds every year. What compliance consulting actually delivers, common mistakes that derail audits, and how to right-size the engagement for your maturity level.
Koop's automated compliance intelligence combined with CyberFortify's manual offensive security practice. Why automated GRC and manual pen testing aren't alternatives - they're a force multiplier when used together.
156 test cases across pre-engagement, recon, authentication, authorization, injection, cryptography, API, business logic and reporting phases. Download the full PDF or browse the interactive version.
Every post here is drawn from real pen test findings. When you're ready to test your own systems, our offensive security team will find what your scanners and automated tools miss.