A normal security program will incorporate vulnerability scans and penetration tests to help measure the effectiveness of their security controls, but oftentimes doing a more detailed review of their key security devices is overlooked. The most important of these security devices is usually the firewall. A firewall configuration review takes a deeper dive into the […]
Update: Amazon has removed their requirement for an AWS Penetration Testing Request Form to be completed prior approval for penetration testing on most services as of March 2019. This means the form explained in this article is no longer necessary to submit prior to having a penetration test performed. For all the details and a […]
Our engineers have noticed a trend over the past year of poor IT management passwords, and it has caused some concern, so we thought we would write a blog post about it to try and bring awareness to this issue. Many organizations, especially small and mid-size businesses who don’t have the resources internally, will outsource […]
Many of our clients are getting penetration tests not only to improve their security posture, but also to use the results to satisfy a client’s requirements or integrate the results into their sales materials. We get asked quite often how other organizations handle communicating penetration testing results, while avoiding divulging sensitive information. Below, we highlight […]
By now, you may have seen some of the release announcements for RFC 8446, the latest iteration of the TLS protocol known as TLSv1.3. This major overhaul has been a long time in the making, as the Internet Engineering Task Force (IETF) have been working on it for the past five years, and introduces some […]
A wireless penetration test is a little different than most penetration tests, as it includes some elements of auditing and some elements of tactical testing. Because of that, it can be hard to discern what is included in a wireless penetration test. In this blog, we will break down a wireless penetration test into its […]
Tactical security assessments are great, with a focused scope that produces specific output aimed at improving the security of one particular aspect of your organization, whether it be your e-commerce website, your network perimeter, or your employee’s security awareness. But sometimes, it’s helpful to figure out what your organization’s strategic security posture looks like, and […]
In this blog we will cover the top three ways that we break into a building when performing a physical penetration test. For more information on physical penetration tests, and the questions they answer, start here. This will include some realistic physical penetration test examples you can expect if you were to be tested, such […]
Information security and corporate network defense is tough. In a constantly changing and advancing industry, it can be hard to figure out where to start when you’re trying to build or improve a corporate security program. Standards and benchmarks are not a sexy or exciting topic, but when you need a starting place to figure […]
One of the common questions we get asked is how to effectively communicate penetration testing results to senior leaders, including C-suite executives and the board of directors. Below are some pointers on how to best navigate these often slippery slopes. Communicating Good Results Your penetration test came back and your firm performed exceptionally well, with […]
