Just for the fun of it, I am going to do a series of blogs talking about some of the physical penetration tests I have done. War stories, if you will. Of course we will keep the clients anonymous throughout and hopefully they have fixed these items by now anyway, as it has been some […]
Unfortunately, there is no cut and dry answer to the question of “when is the best time for a penetration test“. As with many nuanced areas of life, the answer is “it depends”. There are many scenarios that could warrant the need for a penetration test and organization-specific situations that could change your needs. Let’s […]
Creating secure web applications is hard. There are a number of reasons for this, but one contributing factor is language-specific oddities. Specifically, different programming languages handle data differently and, in some cases, these differences can have a significant impact on security. Let’s take a look at one somewhat-exotic example of a language-specific idiosyncrasy within PHP, […]
In this blog, let’s take a look at what is sure to be one of the biggest information security events of 2020: The Twitter Hack. While it is still very early and details are still coming out, lets take a quick look at what we know so far and some lessons we should learn from […]
Let’s say you just received a penetration test report from a company and you are working with your internal IT team or development team to triage and fix the issues raised. Someone on your team is of the mindset that fixing the medium/low priority issues in report isn’t even worth the amount of resources it […]
An integral part of any company is the IT help desk. While some people have horror stories from working with help desks in the past, they play a very important role in your overall security program. They are often the targets of sophisticated social engineering attacks and, as such, need to have strong processes in […]
