Organizations often spend the vast majority of their resources on securing their systems from external threat actors, while spending far less time protecting the “gooey” center of their networks. The same seems to hold true for cloud environments. While companies continue to flock to the cloud faster than ever before (more than 93% of companies […]
By now, I think everyone has heard the phrase “moving to the cloud” enough to make their head spin. And it’s true, organizations are steadily moving to the cloud because of the many benefits this model of operation offers. According to Forbes in 2017, “hybrid cloud adoption grew 3x in the last year, increasing from […]
The PCI Council released a minor update to the Payment Card Industry Data Security Standard (PCI DSS) in May of this year. Their isn’t really anything earth shattering included in these PCI DSS changes, but it’s always worth knowing exactly what changes are made, especially if being PCI compliant affects your business. The changes from […]
One of the things we often see during an external penetration test is unnecessary services exposed to the Internet. This will increase the attack surface of your organization, ultimately giving hackers more ways to try to break into your organization. One of the main principles to follow when setting up your perimeter firewall is to […]
Before we start any engagement, we like to go over a document that lists all of the Rules of Engagement (ROE) for the upcoming penetration test. We cover things like making sure you have approval from your cloud provider, when status updates will be sent to the client, and how time sensitive and critical issues […]
A web application penetration test takes a look at the security of external or internal application for your organization. This type of testing goes above and beyond standard network-level penetration testing, focusing on the both the unauthenticated and authenticated portions of a website. But why do web application penetration testing? What threats are you addressing for […]
