Blog

PCI DSS, SOC2, vCISO, Penetration Testing, HIPAA, CIS Controls, Security Program, Risk Assessment, Privacy, CCPA, ISO27001

Why API Pen Tests Should go First

In today's interconnected world, application programming interfaces (APIs) have rapidly become predominant tools for sharing data and providing multiple services within a single application. APIs link ecosystems of technology and are an engine of business growth. APIs rule the

Read More

Penetration Testing, Security Program

What is a Red Team Test?

Red Teams are often confused with penetration testers due to their overlap in practices and skills, but we believe they are not the same. Penetration testers deal with the pursuit of one or several objectives. However, Red Teams have a specific

Read More

Penetration Testing, Security Program

Pen Testing - Why Purple Teams Should Never Exist

Purple teams are a controversial topic among cybersecurity professionals. There seems to be industry confusion regarding the definitions of Blue, Red and Purple teams. While descriptions of Blue Teams are relatively consistent, there are variations

Read More

Penetration Testing, Security Program

Five Reasons Internal Pen Testing is Necessary

Sometimes the best defense is a good offense.  In cybersecurity, you need to think like real-world attackers.  Security practitioners do this via penetration (pen) testing to find vulnerabilities that attackers could potentially exploit. 

Read More

Penetration Testing, Security Program

Using Open Source Intelligence (OSINT) for Attack Surface Analysis

As the world grows more interconnected through social media and digital communications, relevant information available to attackers grows exponentially. Open-source intelligence (OSINT) is the practice of collecting data from published or otherwise

Read More

Penetration Testing, Security Program

Five Steps to Pentesting Wireless

Wireless access points can be easy targets for a cybercriminal to breach your system. Whether installed by stealth or just innocently by shadow IT, rogue access pointsare a significant security threat to the entire network. Legitimate access points

Read More

Penetration Testing, Security Program

Pen Testing the Cloud and Hybrid Environments

Cloud technologies enable companies to build and run scalable applications in dynamic public, private, and hybrid environments. Containers, service meshes, microservices, immutable infrastructure, and declarative APIs exemplify the elastic cloud

Read More

Penetration Testing, Security Program, Red Teaming

The Hackers Guide to API Penetration Testing

Pen testing has traditionally focused on realistic simulated attacks on your network, operating systems and applications. In today's interconnected world, application programming interfaces (APIs) have rapidly become predominant tools for providing

Read More

Penetration Testing, Security Program, Red Teaming

Vulnerability Assessment, Penetration Testing, and Red Team Conflation

Red Team vs. Penetration Test vs. Vulnerability Assessment - Seven characteristics that set these services apart and why it matters to you.

Read More

Penetration Testing, Security Program, Risk Assessment, Red Teaming

Combating Feedback Loops with Attack Surface Analysis

Everyone knows there are threats out there hell-bent on destroying our organizations. Innovative businesses everywhere are taking a risk-based approach to prevent mission compromise. This approach involves leveraging a risk assessment framework as

Read More