There are several phases of a security incident that are important, but first and foremost, the identification that an incident occurred is your first opportunity to gather information and understand what is going on. It’s helpful to have a checklist that employees are aware of to take down some initial information that can help your […]
One of the questions we get most when at hiring events, conferences, trade shows, etc. is how can someone get into penetration testing or break into the industry as a penetration tester? There are many avenues to becoming a penetration tester, but today we will touch on a few strategies to help get your foot […]
In today’s blog, we are going to discuss three potential show stoppers for a QSA On-site Assessment. These all come from recent conversations with potential clients, and all three would have resulted in a failing Report on Compliance (RoC). So as a result, we thought a blog discussing what those are and what to do […]
As penetration testing continues to grow in popularity and more companies are either required to have it or are doing it as part of best practice, people are running into the problem of how to shop for penetration testing. But what makes a good penetration testing company and how do you compare companies? What should […]
We have clients reaching out for a penetration test with a myriad of different drivers for needing to complete the assessment. Sometimes, clients know what they need and why they need it. Other times, they are looking for coaching as to what they should get done and what that particular test will achieve. Today, we […]
For those of you who aren’t familiar, the FBI and Apple have been at odds for some time. It started back in 2016 when the FBI used the tragedy in San Bernardino to try to convince Apple to make it so that the FBI can break into Apple devices if such an incident were to […]
A common question we’ve run into over the past several months when scoping out API penetration tests is surrounding the API documentation. Specifically, the API endpoint/function definitions that list all of the available functions within a target API and the required request parameters used to interact with that function. These documents will also usually include […]
Let’s cut straight to the chase. In this blog, we are going to look at two VPN best practices to make sure you are secure in your use of these network tools. Your VPN is the gateway to your internal network, allowing anyone on the Internet who is able to authenticate to directly access your […]
The prevalence of security incidents and hacking continues to increase, as financially-motivated attackers continue to target businesses with everything from social engineering attacks to data harvesting. Small-to-Medium-sized Businesses (SMBs) remain easy targets due to the ease with which adversaries can launch attacks. These organizations are fighting an uphill battle when trying to protect themselves, as […]
One of the common questions that comes up when we are talking to potential clients is whether they need to do some PCI consulting before a PCI Audit to help them prepare. The short answer is no. There is no requirement for you to undergo any type of consulting or pre-assessment before a QSA on-site […]
