OWASP Top 10 2025 – A Pentester’s Perspective

Every three to four years, OWASP releases a new version of arguably its most famous project, the “OWASP Top Ten”. Originally started in 2003, this list serves as an awareness document to highlight the 10 most prevalent issues for web applications. The newest release marks the eighth iteration and has once again undergone a few … Continue reading OWASP Top 10 2025 – A Pentester’s Perspective →

Integrating Abuse Case Scenarios to Improve Authorization Testing

Introduction In many penetration testing assessments, it is common to encounter applications that support multiple user roles, such as admin, normal user, approver, and others. Consequently, testers are often provided with accounts and credentials for various roles during a grey-box assessment. During a penetration test, the focus is often on identifying technical vulnerabilities such as … Continue reading Integrating Abuse Case Scenarios to Improve Authorization Testing →

Is the Google search bar enough to hack Belgian companies?

In this blog post, we will go over a technique called Google Dorking and demonstrate how it can be utilized to uncover severe security vulnerabilities in web applications hosted right here in Belgium, where NVISO was founded. The inspiration for this security research arose from the observation that many large organizations have fallen victim to … Continue reading Is the Google search bar enough to hack Belgian companies? →