Threat modeling Archives - 7ASecurity Blog https://7asecurity.com/blog/ 7ASecurity Blog With Cybersecurity Tips and Tools Sun, 03 May 2026 09:08:35 +0000

Requests, CacheControl and urllib3 audit by 7ASecurity https://7asecurity.com/blog/2026/05/requests-cachecontrol-urllib3-audit/ Fri, 01 May 2026 12:51:49 +0000 7ASecurity shares results of a whitebox audit of Requests, CacheControl and urllib3: 9 security-impact issues, 2 hardening recommendations, supply-chain review and future security guidance.

The post Requests, CacheControl and urllib3 audit by 7ASecurity appeared first on 7ASecurity Blog.

DEfO audit by 7ASecurity https://7asecurity.com/blog/2026/04/defo-audit-by-7asecurity/ Fri, 10 Apr 2026 09:59:16 +0000 7ASecurity shares results of a security audit of DEfO: 5 security-impact findings (2 high), 6 hardening recommendations, and a lightweight threat model for OpenSSL ECH clients and servers.

The Role of ISO 27001 Penetration Testing in Risk Management https://7asecurity.com/blog/2026/03/iso-27001-pentest-risk-management/ Fri, 27 Mar 2026 09:37:52 +0000 Building an Information Security Management System (ISMS) without accurate ISO 27001 penetration testing is like building a bank vault and leaving the combination on a sticky note. You might have all the right policies written down. However, you have no proof those rules actually protect your data. Passing your audit requires more than completing a …

Stork audit by 7ASecurity https://7asecurity.com/blog/2026/02/stork-security-audit-7asecurity/ Fri, 27 Feb 2026 10:39:30 +0000 7ASecurity shares results of a security audit of Stork (ISC’s admin interface for Kea servers): 7 security-impact findings (2 high) and all fixes verified, plus threat modeling, SLSA review, and an SBOM.

How 7ASecurity Audits Work: Interim Findings, Manual Testing, and Free Fix Verification https://7asecurity.com/blog/2026/02/how-7asecurity-audits-work/ Fri, 06 Feb 2026 06:24:49 +0000 A clear, practical walkthrough of the 7ASecurity audit process: threat-model driven scoping, a dedicated communication channel with interim findings, and free fix verification—so issues are fixed, not just reported.

Interview with OWASP Executive Director on Quality Pentests https://7asecurity.com/blog/2026/01/owasp-executive-director-interview-7asecurity/ Fri, 23 Jan 2026 06:41:47 +0000 OWASP Executive Director Andrew van der Stock interviews 7ASecurity CEO Abraham Aranguren on what “quality pentesting” really means: threat-model driven scoping, researcher-led testing, interim findings, and free fix verification.
