
Our blog articles seek to cover topics related to security and other topics of interest in the world of IT. They can also reflect the author's opinion on a specific security issue. If you want to collaborate but do not have a clear topic in mind, this section gives you ideas. Once a topic is covered by an article, we update the #TrendingTopics list. Among the topics of interest are:


  • POODLE TLS.

  • Simple cracking of non-reversible keys.

  • Cracking with rainbow tables.

  • Web shells without collateral effects.

  • Reflected file download.


  • API throttling.

  • Recommended hashing function.

  • Recommended asymmetric encryption function.

  • Recommended symmetric encryption function.

  • How to effectively stop a DDoS without proxies.

  • IAST.

  • DAST.

  • SAST.

  • SecDevOps.

  • Why do we use a monorepo?

  • Why do we use trunk-based development?

  • Why do we use continuous delivery?

  • Why do we use infrastructure as code?

  • Why do we use staticgen?

  • Why do we use SLB?

  • Why do we use AsciiDoc?

  • Why do we use CalVer over SemVer?

  • Why don't CI security tools break builds?

  • Why do automated tools have a higher escape rate?

  • Refactoring JS with linting.

  • Why doesn't Asserts use OpenSSL?

  • Who must detect changes in an API: provider or consumer?

  • Should ethical hacking include vulnerability analysis?


  • Immutable infrastructure.

  • Red team.

  • Blue team.

  • Purple team.

  • Capture the flag.

  • NixOS.

  • Linters as normalizers.

  • Poor man's linter: check-all/changed and pcregrep.

  • What is SecDevOps?

  • Remediation Pipelines: One shot, Continuous, Breaking the CI.

  • Black box testing.

  • Gray box testing.

  • White box testing.


  • MISRA standard.

  • Bearer authentication.

  • SOAP basic authentication.

  • SOAP digest authentication.

  • Correctness by Construction (CbyC).

  • Security development lifecycle (SDL).

  • Comprehensive software development model.

  • Lightweight application security process (CLASP).

  • Team software process for secure SW/Dev (TSP-Secure).

  • Conceptual security modeling (CoSMo).

  • UMLSec.


  • Bitcoin blockchain security issues.

  • Ethereum security issues.

  • Stellar security issues.

  • Machine learning for vulnerability searching.

  • Incidents associated with vulnerabilities.
