Penetration Testing, Security Program

The Top Five Criteria for Selecting Your Penetration Testing Vendor

According to the hacker news October 2022, researchers reported that organizations using Office 365 Message Encryption (OME),considered obsolete legacy technology by Microsoft, are subject to a vulnerability thatwould allow rouge third parties to access encrypted email messages.

Read More

Penetration Testing, CIS Controls, Security Program

What does the CIS Controls Version 8 say about Pen Testing?

Independent penetration testing provides critical objective insights about vulnerabilities in organizational defenses and mitigating controls. As part of a comprehensive, ongoing security improvement, pen tests are required by recognized

Read More

Penetration Testing

Why you should Pen Test like an Attacker & not an Auditor

Penetration testing uses creative, blended attacks like real-world adversaries to find weaknesses in tested systems. By simulating real-world attack scenarios, pen testing is 

Read More

Penetration Testing, Security Program, Risk Assessment

Why API Pen Tests Should go First

In today's interconnected world, application programming interfaces (APIs) have rapidly become predominant tools for sharing data and providing multiple services within a single application. APIs link ecosystems of technology and are an engine of

Read More

Penetration Testing, Security Program, Red Team, Red Teaming

What is a Red Team Test?

Red Teams are often confused with penetration testers due to their overlap in practices and skills, but we believe they are not the same. Penetration testers deal with the pursuit of one or several objectives. However, Red Teams have a specific

Read More

Penetration Testing, Security Program

Pen Testing - Why Purple Teams Should Never Exist

Purple teams are a controversial topic among cybersecurity professionals. There seems to be industry confusion regarding the definitions of Blue, Red and Purple teams. While descriptions of Blue Teams are relatively consistent, there are variations

Read More

Penetration Testing, Security Program

Five Reasons Internal Pen Testing is Necessary

Sometimes the best defense is a good offense.  In cybersecurity, you need to think like real-world attackers.  Security practitioners do this via penetration (pen) testing to find vulnerabilities that attackers could potentially exploit. 

Read More

Penetration Testing, Security Program

Using Open Source Intelligence (OSINT) for Attack Surface Analysis

As the world grows more interconnected through social media and digital communications, relevant information available to attackers grows exponentially. Open-source intelligence (OSINT) is the practice of collecting data from published or otherwise

Read More

Penetration Testing, Security Program

Five Steps to Pentesting Wireless

Wireless access points can be easy targets for a cybercriminal to breach your system. Whether installed by stealth or just innocently by shadow IT, rogue access pointsare a significant security threat to the entire network. Legitimate access points

Read More

Penetration Testing, Security Program

Pen Testing the Cloud and Hybrid Environments

Cloud technologies enable companies to build and run scalable applications in dynamic public, private, and hybrid environments. Containers, service meshes, microservices, immutable infrastructure, and declarative APIs exemplify the elastic cloud

Read More