In our article last week on how to get started when building a security program, we covered a lot of the foundational aspects you should be considering when trying to start an information security program for the first time or build a more organized roadmap to mature your current security program. You may be doing […]
Bug bounty programs are becoming an increasingly popular tool that organizations are using to help prevent a data breach. In comparing bug bounty programs to penetration testing, there are several advantages of a bug bounty program that deserve our attention. In this blog, we will explore several of the advantages of a bug bounty program […]
Building a security program for an organization can be overwhelming. If you don’t have anything in place for managing information security, you’re probably already behind the curve. Information security is quickly becoming a baseline requirement for organization’s of all sizes, from mom and pop shops to start-ups to Fortune 500s. Large organizations are being increasingly […]
Spoiler alert! In this blog, I will not be giving you a silver bullet for security or tell you the exact MFA solution you should use for your for small business. Rather, we will look at the key things you need to consider when purchasing and implementing multi-factor authentication (MFA). Before we get into the […]
As you might imagine, penetration testing is an extremely technical field that leverages state of the art technology and concepts. With that in mind, it is not always easy to describe a penetration test, what penetration testing consists of, and what they can achieve to non-technical individuals. This includes members of senior management, board members, […]
Regular penetration tests, unfortunately, do not guarantee you won’t be hacked. In fact, if a firm offers you any sort of guarantee with regards to the results and your susceptibility to a breach following an assessment, this should be a red flag. While we can’t give you a penetration test guarantee that you won’t be […]
As we’ve discussed previously, a host compliance audit is an assessment of the configuration of a particular system (workstation, server, or network device) or set of systems. The configuration settings are compared to published security standards, industry best practice, and the security engineer’s experiences to highlight potential vulnerabilities and misconfigurations that result in risks to […]
A host compliance audit is a type of security assessment that involves the manual inspection of a workstation, server, or network device by a trained security engineer in order to evaluate the configuration, hardening, and security controls applied to the target. Using a published best practice standard, like the Center for Internet Security (CIS) benchmarks, […]
A password spray or password spraying attack is one of the most useful items in a penetration testers toolbox. This style of attack is used on almost every single external and internal penetration test. And if penetration testers are using it, you know that means hackers and malicious actors out there are using it as […]
Before you hire someone to physically break into your organization, it is probably a good idea to understand what steps they are going to take. In this blog, we will review our physical penetration testing methodology, which is the basic outline for any physical penetration test we perform. If you haven’t already, it might be […]
