Blog

7ASecurity shares results of a security audit of Stork (ISC’s admin interface for Kea servers): 7 security-impact findings (2 high) and all fixes verified, plus threat modeling, SLSA review, and an SBOM.

How do you protect what you don't know exists? With external penetration testing. It’s how you find the "unknown unknowns" that threaten your business. It doesn’t matter how careful you are or how sophisticated your dev team is; somewhere in your organisation's digital footprint sits a forgotten test server. Maybe it's an old marketing microsite …

PCI penetration testing is how you ensure you keep credit card data safe from attackers.  Unfortunately, the reality is that compliance doesn't guarantee security, and cybersecurity doesn't automatically mean compliance. You need both. And right now, plenty of organisations have neither. The fines for PCI DSS non-compliance can reach $100,000 per month. But that's almost …

7ASecurity shares results of a holistic security audit of zlib: 10 security-impact findings (1 high) and all fixes verified, plus hardening recommendations and a custom threat model.

Noghteha engaged 7ASecurity for an independent Android security and privacy assessment strengthening an offline-first mesh messenger for high-risk connectivity.

Modern apps aren’t websites. They need the security to match; they need app penetration testing. Your user app connects to a mobile phone.  It pulls data from the cloud.  Routes through many APIs.  It processes payments through third-party integrations.  Each connection point is a possible gap. Each integration creates complexity. And complexity is where security …

A clear, practical walkthrough of the 7ASecurity audit process: threat-model driven scoping, a dedicated communication channel with interim findings, and free fix verification—so issues are fixed, not just reported.

For the past three years, the Tor Project has been working to improve the tools, resources, and protocols used to monitor the health of the Tor network. This work aims to strengthen the Tor network's resilience and resist relay attacks. As part of this effort, in July and August 2025, 7ASecurity conducted a code audit of those …

OWASP Executive Director Andrew van der Stock interviews 7ASecurity CEO Abraham Aranguren on what “quality pentesting” really means: threat-model driven scoping, researcher-led testing, interim findings, and free fix verification.

What Happens When the Threat Is Already Inside? Effective internal network penetration testing addresses a classic security fear, much like the line from horror films: 'The call is coming from inside the house'.  In cybersecurity, this is a daily reality. While we spend a lot of time building strong walls to keep attackers out, many …