Omegapoint Security Blog

At Omegapoint we are strong believers in sharing our knowledge. On this site we have gathered blog posts and articles that represent our passion for cybersecurity and secure application development.

The contents are based on Omegapoint’s collective experience building, operating, defending and ethically attacking systems and organizations.

Defensive security

Building applications and services that are secure by design is vital for security over time. With the article series Defense in Depth we describe how to achieve this, with security controls in multiple layers according to the principles of defense in depth, least privilege and zero trust.

These articles are accompanied by implementations in .NET and Java, and additional articles on how to evaluate your security posture with a set of questions, applying CIS Controls as a DevOps team.

Offensive security

Even if systems are built using secure-by-design patterns and practices, there can be implementation mistakes, vulnerabilities introduced by third-party components, and misconfigurations. Verifying that defenses work as expected is a must for a secure system. The article on offensive application security gives an introduction to the methodology and principles of ethical hacking and high-quality web application penetration testing.

As a result of applying these principles when performing penetration tests we have documented, as part of responsible disclosure in cooperation with affected parties, a set of writeups. They show how vulnerabilities were identified and how they could be exploited (before patching). Examples are: