Outpost24 logo
CrushFTP auth bypass vulnerability: Disclosure mess leads to attacks 
Application Security
02 Apr 2025
Outpost24 analysts recently discovered a critical authentication bypass vulnerability in CrushFTP, identified as CVE-2025-31161. The vulnerability has a CVSSv3.1 score...
attack surface EASM
Security through obscurity: An illusion of safety? 
Application Security
26 Feb 2025
Security through obscurity is based on the idea that if attackers don’t know how a system works or even if...
white text on blue background visualizing the overwhelming amount of data in pen testing that can lead to false positives
How to reduce false positives when pen testing web...
Application Security
12 Feb 2025
In the context of penetration (pen) testing, false positives are where the testing tools or methods identify a security vulnerability...
Outpost24’s Capture the Flag event recap: “json returns”
Application Security
31 Jan 2025
On the crisp morning of December 13th, 2024, as the clock struck 09:59 CET, anticipation filled the air. Around the...
Outpost24 logo
Five strategies for uncovering vulnerabilities in web applications
Application Security
19 Nov 2024
I’ve been working as an Application Security Auditor in Oupost24’s web application security testing team for almost three years now....