Research & resources

Research, study plans & articles

Written by the people who run the assessments — technical articles, a structured study plan, and practical playbooks, kept close to what actually happens on an engagement.

Featured articles

Recent technical writing

SQL Injection in 2026: why it still works and how to close it for good

A walkthrough of how modern SQL injection variants slip past basic input validation, and the layered defence — parameterised queries, least-privilege database accounts, and continuous testing — that actually closes the gap.

The misconfiguration patterns behind most cloud breaches

Overly permissive identity roles, public storage left open by default, and unmonitored service accounts show up in almost every cloud incident we investigate. Here's how to find them before an attacker does.

Securing ML pipelines: the endpoints your VAPT scope probably misses

Model endpoints, feature stores, and training data pipelines carry their own attack surface. A look at where they typically get overlooked in traditional application testing scopes.

Broken object-level authorisation: the API bug that keeps recurring

Why authorisation checks that work fine in manual testing quietly fail once an API scales, and the review pattern we use to catch it before it ships.

Hardening CI/CD: the pipeline secrets attackers look for first

A practical rundown of the credential and configuration mistakes we most often find during pipeline reviews, and the fixes that take under an hour.

90-day cybersecurity study plan

A structured path from fundamentals to operations

Built for students, junior analysts, and teams who want a serious, sequenced curriculum instead of a scattered list of links — the same foundation our own consultants started from.

WEEKS 1–4

Fundamentals

Networking basics, operating system internals, common web technologies, and the core vocabulary of offensive and defensive security.

WEEKS 5–8

Network & application security

Web application vulnerability classes, API security, mobile app testing basics, and hands-on practice with manual testing techniques.

WEEKS 9–12

Cloud & operations

Cloud security fundamentals, detection and monitoring concepts, incident response basics, and how findings translate into a real report.

Get the full study plan
Playbooks & guides

Short, practical, and immediately usable

These support both clients tightening their own environment and learners working through the study plan — written to be acted on the same day you read them.

Cloud-hardening checklist

A working checklist for identity permissions, storage configuration, and logging — the same items we check first on a cloud assessment.

Secure deployment patterns

Reference patterns for shipping application changes without introducing the pipeline and configuration issues we see most often.

Data-protection best practices

Practical guidance on classifying, storing, and handling sensitive data in a way that holds up to both attackers and auditors.

Incident response basics

A first-hours playbook for containing an incident and preserving evidence, written for teams without a dedicated response function yet.