Penetration Testing

Gitjacking: From an Abandoned Repository to Website Compromise

Repository-related risks are not limited to exposed credentials or source code. References to repositories and GitHub identities can also become vulnerable when projects, accounts, or integrations are renamed, transferred, or...
Read More about Gitjacking: From an Abandoned Repository to Website Compromise

Spot Spoofing Risk Before Attackers Abuse Your Brand

Email remains one of the most abused trust channels on the internet. Attackers do not need to compromise your infrastructure to damage your brand, trick your customers, or target your...
Read More about Spot Spoofing Risk Before Attackers Abuse Your Brand

Continuous Penetration Testing: Why Fresh Eyes Find Fresh Bugs

[Editor’s note: I wrote this short blog post to illustrate the advantages of Continuous Penetration Testing. In this case, a tester discovered a vulnerability triggered by a new event in...
Read More about Continuous Penetration Testing: Why Fresh Eyes Find Fresh Bugs

Why Cyber Due Diligence is Critical for M&A Success

[Editor's Note: Even Andreassen is one of our talented business developers. He is also an assistant professor at a Norwegian university. In this excellent blog post he has given us...
Read More about Why Cyber Due Diligence is Critical for M&A Success

Pentesting is Transforming: 8 Steps to a Successful Pentest Operation in 2025!

Pentesting isn’t what it used to be, folks. Gone are the days of single checklist exercises and surface-level scans. In 2025, we’re transforming the way we think about pentesting—making it...
Read More about Pentesting is Transforming: 8 Steps to a Successful Pentest Operation in 2025!

Penetration Testing Methodology – Much More Than Just Checklists

This blog post seeks to outline key aspects of the methodology River Security employs to identify vulnerabilities during our penetration testing. Our approach is continually evolving, designed to adapt to...
Read More about Penetration Testing Methodology – Much More Than Just Checklists

Finding Attack Surface and Other Interesting Domains via Certificate Transparency Logs

Certificate Transparency (CT) logs are like public records for internet security. When a new TLS certificate is issued, it gets logged in these CT logs. This makes it easier for...
Read More about Finding Attack Surface and Other Interesting Domains via Certificate Transparency Logs

Code Repositories: A Wealth of Information and Potential Threats. How River Security Protects Your Assets

A public code repository may look like a collection of source files. To a penetration tester or attacker, it can be a map of an organisation. Repositories can reveal credentials,...
Read More about Code Repositories: A Wealth of Information and Potential Threats. How River Security Protects Your Assets

Cheating the Threat Actors: How River Security Monitors Cloud Assets to Stay Ahead

At River Security, we understand the importance of monitoring cloud assets in order to protect our customers from potential threats. That's why we have developed a unique approach to monitoring...
Read More about Cheating the Threat Actors: How River Security Monitors Cloud Assets to Stay Ahead

Mobile Apps Can Reveal Valuable Information for Attackers

Mobile applications have become a crucial part of modern business operations, with many companies relying on them to connect with customers, manage internal processes, and handle sensitive information. However, the...
Read More about Mobile Apps Can Reveal Valuable Information for Attackers