In today’s blog, we are going to explore a common category of attacks: denial of service attacks. You are likely familiar with the term, as it has been used commonly in the news. But what exactly is a denial of service attack, and more importantly, what are some steps you can take to prevent it […]
What is the Cybersecurity Maturity Model Certification or “CMMC”? How will the CMMC impact my business and what can I do to plan for the roll-out? What is the timing of the CMMC? Today, we explore all of these items in detail. What is the CMMC? The CMMC will be a new requirement for existing Department […]
What is the difference between HIPAA and HITRUST? That is a great question and something we are frequently asked when working with our healthcare clients and today we will walk through the differences at a high level. What is HIPAA? HIPAA stands for Health Insurance Portability and Accountability Act. In response to HIPAA of 1996, […]
Well now that it is officially December, we can start getting ready for Christmas. If you are anything like me, you haven’t even considered Christmas gifts until now, and we are running out of time. No need to worry, we have you covered. In this blog, we will look at several InfoSec gifts that are […]
Threat modeling is a term thrown around in a lot of different contexts, but it can sound daunting if your unfamiliar with it in practice. It really just refers to identifying what threats an organization, a target network, or an in-scope application should be worried about. For penetration testers, you are modeling (mapping out) the […]
As we continue our series explaining some of the most common web application vulnerabilities we encounter during penetration tests, we arrive at cross-site scripting (XSS). XSS comes in at number 7 on the most recent OWASP Top 10 release, so it is still an issue for a significant number of applications and organizations. Caused by […]
