Skip to content
Fast-turnaround security assessments available — 10+ years development & security experienceGet started
Topic Hub

Infrastructure Security

Server, network, and cloud infrastructure vulnerabilities — subdomain takeovers, DNS misconfigurations, container security, exposed services, and infrastructure hardening.

2 knowledge articles2 case studies7 glossary terms

Understanding Infrastructure Security

Services

What We Test: Applications, APIs, Authentication, Infrastructure

A detailed breakdown of what Raijuna tests during security assessments — web applications, REST and GraphQL APIs, authentication and SSO flows, cloud infrastructure, and mobile backends. For each target type: what we look for, common findings, and why it matters.

11 min readRead article
VulnerabilityCWE-284

Subdomain Takeover: When Dangling DNS Records Become Attack Surface

Subdomain takeover occurs when a DNS record points to a deprovisioned external service, allowing an attacker to claim that service and serve arbitrary content under a trusted domain. The result is phishing, cookie theft, and content security policy bypass — all from a legitimate-looking subdomain.

10 min readRead article

Real-World Cases

OtherCVSS 7.5high

The Subdomain Someone Else Already Owned

A routine DNS enumeration uncovered a subdomain pointing to a cloud resource that no longer existed. The CNAME was still live, the cloud resource was available for anyone to claim, and the subdomain was one registration away from serving attacker-controlled content under the company's domain.

Read case
Info DisclosureCVSS 8.2high

652 Repositories, Zero Authentication

An exposed container registry at a global infrastructure provider held 652 repositories with no authentication. Docker image layers contained full application source code, configuration files, API keys, database credentials, and internal service architecture maps. This is the story of how it was found and what it revealed.

Read case

Key Terms

Phishing

A social engineering attack that tricks individuals into revealing sensitive information by impersonating a trusted entity.

Reconnaissance

The initial phase of a security assessment where information about the target is systematically gathered to identify attack surfaces and potential vulnerabilities.

Subdomain Takeover

A vulnerability where an attacker claims control of a subdomain that points to an unclaimed or decommissioned external service.

TLS (Transport Layer Security)

A cryptographic protocol that provides secure communication over a network by encrypting data in transit between two parties.

Token

A digitally generated string used to authenticate a user, authorize access, or maintain session state without repeatedly transmitting credentials.

VPN (Virtual Private Network)

A technology that creates an encrypted tunnel between two points on a network, protecting data in transit and masking the user's network identity.

WebSocket Security

The set of security considerations and protections specific to WebSocket connections, which maintain persistent bidirectional communication channels.

Need your application tested?

Our security assessments cover the full range of infrastructure security vulnerabilities with methodology built from real-world research.

Request an Assessment