Mobile Banking App Pentest: What It Actually Finds

Featured image for Mobile Banking App Pentest: What It Actually Finds

Banking trojans no longer steal credentials and walk away. They sit on the device, overlay the legitimate banking screen, intercept the second factor, and complete the transaction while the customer…

Web App Vulnerabilities Your Scanner and WAF Miss

Featured image for Web App Vulnerabilities Your Scanner and WAF Miss

The web application vulnerabilities scanners miss are rarely the ones a CVE feed will tell you about. They sit one layer above signatures, in the logic of how an application decides who is allowed to…

CI/CD Secrets: The Cloud Attack Path Reviews Miss

Featured image for CI/CD Secrets: The Cloud Attack Path Reviews Miss

A typical annual cloud security review captures the state of an environment on the day the engagement closes. Two weeks later, a developer adds a third-party integration, a CI/CD workflow gets a new…

How AI-assisted pentests work in practice

Featured image for How AI-assisted pentests work in practice

The question CTDefense gets most often from CISOs and IT directors right now is some version of the same one: the board has read the May 2026 coverage of AI-assisted intrusion, and they want to know…

Featured image for OWASP Top 10 2025 vs real web pentest findings

The OWASP Foundation published its Top 10:2025 list in late 2025, drawing on more than 2.8 million applications and 175,000 CVE records — the largest dataset the project has ever assembled. For most…