As we continue to discuss the different types of Self-Assessment Questionnaires (SAQs) within PCI, we’re continuing with some of the smaller SAQs from a requirements and scope perspective. SAQ A-EP is interesting and a little different from the SAQs we’ve discussed previously because it is a subset or special case of SAQ A. It’s also […]
One of the most common questions I get asked when people find out that I am a penetration tester is, “How did you get into this field?” More accurately, they are asking how they can get into penetration testing themselves. As a managing partner of a penetration testing firm and a penetration tester myself, this […]
If you are in IT and looking to try to get into information security, the first place to start is by obtaining industry certifications. As I currently have my OSCP, CISSP, C|EH, GSEC, GCIH, PCIP and am working towards my CISA, I figured I was as good as any to review the certifications out there […]
Cloud computing isn’t really that new of a thing anymore. By now, many organizations are familiar with what it is and may even be considering migrating portions of their operations. But what we’re saying a lot of times is that, even though they may want to move to the cloud because it’s the cool thing […]
Organizations are starting to realized, given the news regarding data breaches over the past couple years, that your security perimeter can be as strong as Fort Knox, but all it takes is one employee to click on a malicious link and none of that matters. Everything you have done to secure your network and all […]
One of the most common compliance standards we deal with as an organization is the Payment Card Industry Data Security Standard (PCI DSS). Reading through this standard can be complex however, and trying to figure out how it applies to your organization can be a daunting task. For most organizations that have to complete a […]
When conducting wireless penetration tests, the most common type of wireless network we see is WPA2-PSK. While this is better than WEP (thank goodness we rarely see that anymore), this type of network still has some shortcomings, depending on what you are trying to protect. Specifically in this blog, we will focus on the dangers […]
One of the most common compliance standards we deal with as an organization is the Payment Card Industry Data Security Standard (PCI DSS). Reading through this standard can be complex however, and trying to figure out how it applies to your organization can be a daunting task. For most organizations that have to complete a […]
Organizations have varying levels of concern when it comes to a penetration test. Many of them have been through this process many times before, have had a multitude of different tests performed, and are not concerned in the slightest that testing will cause any sort of disruption. On the other side of the spectrum, some […]
All good (or in some cases bad) things come to an end. In the ever-changing world of technology, this is even more true. As Microsoft (or any other vendor) works on pushing new technology out, they will often mark older operating systems and applications as “end-of-life.” Some organizations, particularly those with a small IT budget, […]
