Secureaks Blog - Cybersecurity


Why whitelist a pentester on a WAF?

When a company carries out an application penetration test, the main objective is to assess the actual security level of the web application, its functionalities, its code and its exposure to attacks. However, one element can quickly distort the results: the presence of a WAF (Web Application Firewall). In this context, whitelisting a pentester on a WAF is common practice and often necessary to guarantee the relevance of tests. This approach is not intended to reduce security, but to enable reliable assessment of application vulnerabilities.

React2Shell: full analysis (CVE-2025-55182)

The React2Shell flaw affects React Server Components (RSC) and allows, under certain conditions, remote code execution (RCE) on the server hosting the application. It requires no authentication and is very easy to exploit, which is why it receives the maximum score of 10/10 on the CVSS scale.

In this article, we'll look at what exactly React2Shell is, which versions are affected, how the vulnerability works, how to detect and exploit it, and above all, how to protect against it effectively.

How often should I run a penetration test on my website?

Web application security is a major challenge for all companies with an online presence. Cyber-attacks are constantly evolving, exploiting the slightest vulnerability to gain access to sensitive data or compromise service availability. In this context, penetration testing (pentesting) is essential to identify and correct security vulnerabilities before they are exploited. But how often should such tests be carried out?

5 cybersecurity mistakes that small businesses still make too often

Cybersecurity has become a crucial issue for companies of all sizes. Yet many small and medium-sized businesses continue to make fundamental mistakes that expose them to significant risks. These mistakes are all the more problematic because they are often avoidable with a minimum of good practice and awareness. This article looks at five of them and explains why they need to be corrected quickly.

Pentest in production or in a test environment: which is better?

Penetration testing, or "pentesting", is a crucial step in the process of securing an information system. It identifies vulnerabilities that could be exploited by an attacker, so that they can be corrected before an incident occurs. But one question often comes up: should this test be carried out in a production environment, or on a testing platform? Each of these approaches has its advantages and disadvantages, which need to be clearly understood.
