DEfO audit by 7ASecurity
7ASecurity shares results of a security audit of DEfO: 5 security-impact findings (2 high), 6 hardening recommendations, and a lightweight threat model for OpenSSL ECH clients and servers.
Building an Information Security Management System (ISMS) without accurate ISO 27001 penetration testing is like building a bank vault and leaving the combination on a sticky note. You might have all the right policies written down. However, you have no proof those rules actually protect your data. Passing your audit requires more than completing a …
7ASecurity shares results of a security audit of Stork (ISC’s admin interface for Kea servers): 7 security-impact findings (2 high) and all fixes verified, plus threat modeling, SLSA review, and an SBOM.
A clear, practical walkthrough of the 7ASecurity audit process: threat-model driven scoping, a dedicated communication channel with interim findings, and free fix verification—so issues are fixed, not just reported.
OWASP Executive Director Andrew van der Stock interviews 7ASecurity CEO Abraham Aranguren on what “quality pentesting” really means: threat-model driven scoping, researcher-led testing, interim findings, and free fix verification.