Penetration Testing, Security Program

Five Steps to Pentesting Wireless

Wireless access points can be easy targets for a cybercriminal to breach your system. Whether installed by stealth or just innocently by shadow IT, rogue access points are a significant security threat to the entire network. Legitimate access points are often misconfigured or

Penetration Testing, Security Program

Pen Testing the Cloud and Hybrid Environments

Cloud technologies enable companies to build and run scalable applications in dynamic public, private, and hybrid environments. Containers, service meshes, microservices, immutable infrastructure, and declarative APIs exemplify the elastic cloud

Penetration Testing, Security Program, Red Teaming

The Hackers Guide to API Penetration Testing

Pen testing has traditionally focused on realistic simulated attacks on your network, operating systems and applications. In today's interconnected world, application programming interfaces (APIs) have rapidly become predominant tools for providing

Penetration Testing, Security Program, Red Teaming

Vulnerability Assessment, Penetration Testing, and Red Team Conflation

Red Team vs. Penetration Test vs. Vulnerability Assessment - Seven characteristics that set these services apart and why it matters to you.

Penetration Testing, Security Program, Risk Assessment, Red Teaming

Combating Feedback Loops with Attack Surface Analysis

Everyone knows there are threats out there hell-bent on destroying our organizations. Innovative businesses everywhere are taking a risk-based approach to prevent mission compromise. This approach involves leveraging a risk assessment framework as

Penetration Testing, Security Program, Risk Assessment

Combating Ransomware Attacks Through Comprehensive Penetration Testing

Ransomware is still a major threat. In fact, the Tactics, Techniques and Procedures (TTPs) of ransomware gangs have evolved so much that it has created new business models within the darknet where premium services such as Ransomware as a Service

CISO, vCISO, Penetration Testing, HIPAA, Security Program, Risk Assessment

The One Reason to Pen Test Data Backup Systems - Ransomware Protection

Although they sit at the heart of the disaster recovery plan, data backup and recovery systems are often disregarded by organizations when it comes to pen testing and maintaining security. Vulnerable backup systems make for an attractive target for ransomware gangs, grief/

PCI DSS, CISO, vCISO, Penetration Testing, HIPAA, Security Program, Risk Assessment, Red Teaming

The 0-day in the Room Nobody is Talking About: Scope

Scope is an important shaping tool that, when leveraged properly, can help enhance engagement outcomes during penetration testing, red team and other security operations. Like any tool, however, when used incorrectly it can have devastating

Penetration Testing, Security Program, CCPA, ISO27001

Do you have APIs? How do you test them?

Application Program Interfaces (APIs) have changed in nature in recent years and are increasingly (and sometimes inadvertently) being made available to users of web services, the “Apps” (applications) on mobile devices, and internally for the web

PCI DSS, vCISO, Penetration Testing, Security Program

What is “Internal Penetration testing” for PCI DSS requirement 11.3

Introduction: PCI DSS requires Internal, External Penetration testing, and Segmentation testing. But these terms are not crisply defined. In fact, “internal” is used elsewhere in the standard (for example internal vulnerability scanning) where it
