When working with a customer who hasn’t had regular penetration testing before, one of their primary concerns is usually “will a penetration test disrupt my business?” They may be required to get a penetration test completed in order to meet a compliance requirement, because a larger organization is asking them to, or simply because they […]
One of the primary reasons many organizations are looking to have a penetration test performed is because someone they want to do business with wants some assurance that they are secure. So in the interest of forming this new business relationship, they’ll go out to try and get a penetration test performed as soon as […]
In a previous blog, we covered the difference between an online and offline password attack. This blog will continue from there. Once a hacker is able to get your password hash offline for a password attack, let’s explore how a hacker guesses your password. As a point of clarification, this blog is written from the […]
The difference between offline and online password attacks could be the thing that prevents your account from being hacked and your organization being breached. In most cases, an attacker is going to be much more successful with an offline password attack than they will be from an online attack. But why? In this blog, we […]
A crucial part of maturing your overall incident response capabilities is dry-running the process through what are known as “tabletop exercises.” Imagine security meets Dungeons & Dragons-style role playing. In all seriousness, incident response tabletop exercises are a great opportunity to practice your incident response process in a realistic scenario, from the documentation to the defined […]
We get asked this almost as much as how often should we get a penetration test completed. There are many motivators and moving pieces that can drive the timing of a penetration test. Generally, if you’re asking “when should my company schedule a penetration test” the answer is “now”! Coming up with a regular schedule […]
