We often get asked, “Why should we go with your firm, you seem smaller than your competitors?” We take pride in being a small penetration testing firm, and it comes with many advantages that can ultimately help our clients. Advantages Cost savings – As a small business, we’re able to keep overhead expenses down and ultimately […]
Organizations often spend the vast majority of their resources on securing their systems from external threat actors, while spending far less time protecting the “gooey” center of their networks. The same seems to hold true for cloud environments. While companies continue to flock to the cloud faster than ever before (more than 93% of companies […]
By now, I think everyone has heard the phrase “moving to the cloud” enough to make their head spin. And it’s true, organizations are steadily moving to the cloud because of the many benefits this model of operation offers. According to Forbes in 2017, “hybrid cloud adoption grew 3x in the last year, increasing from […]
The PCI Council released a minor update to the Payment Card Industry Data Security Standard (PCI DSS) in May of this year. Their isn’t really anything earth shattering included in these PCI DSS changes, but it’s always worth knowing exactly what changes are made, especially if being PCI compliant affects your business. The changes from […]
One of the things we often see during an external penetration test is unnecessary services exposed to the Internet. This will increase the attack surface of your organization, ultimately giving hackers more ways to try to break into your organization. One of the main principles to follow when setting up your perimeter firewall is to […]
Before we start any engagement, we like to go over a document that lists all of the Rules of Engagement (ROE) for the upcoming penetration test. We cover things like making sure you have approval from your cloud provider, when status updates will be sent to the client, and how time sensitive and critical issues […]
A web application penetration test takes a look at the security of external or internal application for your organization. This type of testing goes above and beyond standard network-level penetration testing, focusing on the both the unauthenticated and authenticated portions of a website. But why do web application penetration testing? What threats are you addressing for […]
If there is one type of assessment that is not like the others, it is the physical penetration test. A physical penetration tests assesses the risk to your organization of an attacker physically breaking in. This blog will explore the physical penetration test, what questions it answers, what type of clients typically seek physical penetration […]
The term “Rules of Engagement” sounds intimidating the first time you hear it, but don’t be alarmed, it is meant to protect both you as the client and your penetration testers. The Rules of Engagement, or ROE, are meant to list out the specifics of your penetration testing project to ensure that both the client […]
Segmentation is not a requirement to meet PCI compliance. However, it is strongly recommended by the PCI Council as it can greatly reduce the cost, scope, and difficulty of meeting compliance. In this blog, we will explore these reasons a bit further and explain the importance of PCI segmentation. What is Segmentation? Segmentation, from a […]
