Penetration Testing
Gitjacking: From an Abandoned Repository to Website Compromise
Repository-related risks are not limited to exposed credentials or source code. References to repositories and GitHub identities can also become vulnerable when projects, accounts, or integrations are renamed, transferred, or...
Spot Spoofing Risk Before Attackers Abuse Your Brand
Email remains one of the most abused trust channels on the internet. Attackers do not need to compromise your infrastructure to damage your brand, trick your customers, or target your...
Continuous Penetration Testing: Why Fresh Eyes Find Fresh Bugs
[Editor’s note: I wrote this short blog post to illustrate the advantages of Continuous Penetration Testing. In this case, a tester discovered a vulnerability triggered by a new event in...
Why Cyber Due Diligence is Critical for M&A Success
[Editor's Note: Even Andreassen is one of our talented business developers. He is also an assistant professor at a Norwegian university. In this excellent blog post he has given us...
Pentesting is Transforming: 8 Steps to a Successful Pentest Operation in 2025!
Pentesting isn’t what it used to be, folks. Gone are the days of single checklist exercises and surface-level scans. In 2025, we’re transforming the way we think about pentesting—making it...
Penetration Testing Methodology – Much More Than Just Checklists
This blog post seeks to outline key aspects of the methodology River Security employs to identify vulnerabilities during our penetration testing. Our approach is continually evolving, designed to adapt to...
Finding Attack Surface and Other Interesting Domains via Certificate Transparency Logs
Certificate Transparency (CT) logs are like public records for internet security. When a new TLS certificate is issued, it gets logged in these CT logs. This makes it easier for...
Code Repositories: A Wealth of Information and Potential Threats. How River Security Protects Your Assets
A public code repository may look like a collection of source files. To a penetration tester or attacker, it can be a map of an organisation. Repositories can reveal credentials,...
Cheating the Threat Actors: How River Security Monitors Cloud Assets to Stay Ahead
At River Security, we understand the importance of monitoring cloud assets in order to protect our customers from potential threats. That's why we have developed a unique approach to monitoring...
Mobile Apps Can Reveal Valuable Information for Attackers
Mobile applications have become a crucial part of modern business operations, with many companies relying on them to connect with customers, manage internal processes, and handle sensitive information. However, the...
