Notes from the bench.
Findings, post-mortems, scanner walkthroughs and the occasional opinion. Written by the operators on the engagement, not by the marketing team. No template-driven slop.
Cyber Security
How does DevOps improve security?
How a DevOps approach shrinks your attack surface by building security into the development process from the start, rather than bolting it on at the end.
Uncategorized
What is black box testing
Using a simple airport-luggage analogy, an approachable explanation of black box testing — assessing a system's security purely from the outside, with no view of its internals.
Security
Why secure php scripts are essential
Why unguarded PHP scripts are a prime target, and how to close the gaps — securing your code, protecting the server and testing scripts before attackers do.
Uncategorized
WordPress security scan: How to Scan a WordPress Site
A hands-on guide to scanning WordPress for vulnerabilities — pinpointing weak spots, running tools like WPScan, reading the report and fixing what it surfaces.
Uncategorized
The 13 Most Common Website Security Attacks
The thirteen most common website attacks every owner should recognise — malware, phishing, DoS, whaling, IP spoofing, zero-days and more — with how each one works.
Uncategorized
WordPress Security: Step by Step Guide
Why WordPress powers so much of the web and how to lock it down — a step-by-step guide to securing the CMS that runs your site.
Written by the operators
on the engagement.
We publish what we'd want to read on the train home. Reproducers, post-mortems, the occasional opinion. If a piece doesn't survive a peer review by the bench, it doesn't ship.