Secureaks Blog - Pentest and cybersecurity


Why whitelist a pentester on a WAF?


When a company carries out an application penetration test, the main objective is to assess the actual security level of the web application: its functionalities, its code and its exposure to attacks. One element can quickly distort the results, however: the presence of a WAF (Web Application Firewall). A WAF blocks or rewrites many of the requests a pentester sends, so findings end up describing the filter rather than the application behind it. In this context, whitelisting the pentester's source address on the WAF is common practice and often necessary to guarantee the relevance of the tests. The approach is not intended to reduce security, but to enable a reliable assessment of the application's own vulnerabilities, independent of the filtering layer in front of it.
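As an added illustration (not configuration from the original article or from any particular product documentation), this is what such a whitelist looks like on a ModSecurity-based WAF. The source address 203.0.113.10 and the rule id 1000001 are placeholders to be replaced with the pentester's agreed IP and a free id in your rule set:

```apacheconf
# Pentester whitelist for the duration of the engagement.
# 203.0.113.10 is an assumed placeholder (TEST-NET-3), not a real tester address.
# phase:1 evaluates the rule before the request body is inspected;
# ctl:ruleEngine=DetectionOnly keeps logging the matches but stops blocking,
# so the WAF alerts can still be correlated with the pentest report afterwards.
SecRule REMOTE_ADDR "@ipMatch 203.0.113.10" \
    "id:1000001,phase:1,pass,nolog,ctl:ruleEngine=DetectionOnly"
```

Two checks worth doing before the test starts: confirm that REMOTE_ADDR is really the client address and not that of an upstream proxy or CDN (otherwise the rule matches nobody, or everybody), and agree on a date to remove the rule again, since a forgotten whitelist is a permanent bypass for whoever later controls that address.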

React2Shell: full analysis (CVE-2025-55182)


The React2Shell flaw affects React Server Components (RSC) and, under certain conditions, allows remote code execution (RCE) on the server hosting the application. It requires no authentication and is very easy to exploit, which is why it carries the maximum CVSS score of 10/10.

In this article, we'll look at what exactly React2Shell is, which versions are affected, how the vulnerability works, how to detect and exploit it, and above all, how to protect against it effectively.

Pentest vs Bug Bounty: what are the differences and what's in it for you?


Faced with the constant growth of online threats, companies are looking to strengthen the security of their information systems. Two complementary approaches are often mentioned: penetration testing (or pentests) and Bug Bounty programs. While their common objective is to identify vulnerabilities, their methods, frameworks and benefits differ considerably. Understanding these differences is essential to choosing the solution best suited to your needs.

Exploit SQL Injections with SQLMap: Complete Guide


SQL injections remain one of the most critical classes of web vulnerability. Exploiting them by hand requires real skill, but tools like SQLMap automate most of the work: detecting the injection point, fingerprinting the database and extracting data. This guide covers the basics of SQL injection, how to use SQLMap to detect and exploit it, and how to protect against it.
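The example below is added here and is not code from the original guide or from the sqlmap project. It builds a small in-memory SQLite table with constructed sample users, shows a lookup that splices user input into the SQL text beside its parameterised counterpart, and then runs the kind of boolean-based blind probe sqlmap uses to detect injection: send a payload with a condition that is always true, one that is always false, and compare the responses with the untouched request. Table and payloads are assumptions for illustration.

```python
import sqlite3

# Constructed sample data standing in for an application's users table.
SAMPLE_USERS = [("alice", "s3cret"), ("bob", "hunter2"), ("carol", "letmein")]


def build_db():
    """Create an in-memory SQLite database holding the constructed sample users."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, password) VALUES (?, ?)", SAMPLE_USERS
    )
    conn.commit()
    return conn


def find_user_vulnerable(conn, username):
    """Deliberately vulnerable: the input is concatenated into the statement,
    so a single quote in the input changes the query's structure."""
    query = f"SELECT id, username FROM users WHERE username = '{username}'"
    return conn.execute(query).fetchall()


def find_user_safe(conn, username):
    """Hardened version: the driver sends the value separately from the SQL,
    so the input is only ever compared as data, never parsed as SQL."""
    return conn.execute(
        "SELECT id, username FROM users WHERE username = ?", (username,)
    ).fetchall()


# Classic tautology payload: turns WHERE username = '' OR '1'='1' into "match every row".
TAUTOLOGY = "' OR '1'='1"


def looks_injectable(lookup, conn, base_value):
    """Boolean-based blind probe in the style sqlmap applies to each parameter.

    Three requests are compared: the original value, the value with an
    always-true condition appended, and the value with an always-false one.
    The parameter is reported as injectable only when the true and false
    variants differ AND the true variant matches the original response, which
    shows the database actually evaluated the injected condition.
    The '-- ' tail comments out the quote the application appends.
    """
    baseline = lookup(conn, base_value)
    true_rows = lookup(conn, f"{base_value}' AND 1=1-- ")
    false_rows = lookup(conn, f"{base_value}' AND 1=2-- ")
    return true_rows != false_rows and true_rows == baseline


if __name__ == "__main__":
    db = build_db()
    print("vulnerable + tautology:", find_user_vulnerable(db, TAUTOLOGY))
    print("safe + tautology:      ", find_user_safe(db, TAUTOLOGY))
    print("vulnerable injectable? ", looks_injectable(find_user_vulnerable, db, "alice"))
    print("safe injectable?       ", looks_injectable(find_user_safe, db, "alice"))
```

Against the vulnerable lookup the tautology returns all three users and the probe reports the parameter as injectable; against the parameterised lookup the same payload matches nothing because it is searched for literally, and the probe sees no difference between the true and false variants. This is the same comparison sqlmap performs over HTTP (for example `sqlmap -u "http://target/user?name=alice" --batch`), only here it runs directly against the query functions.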

How often should I run a penetration test on my website?


Web application security is a major challenge for every company with an online presence. Attacks evolve constantly and exploit the slightest vulnerability to reach sensitive data or compromise service availability. Penetration testing (pentesting) is therefore essential to identify and correct security vulnerabilities before they are exploited. But how often should such tests be carried out?
