Since the introduction of Android Nougat, users no longer have the ability to add user or admin supplied CA certs without using a rooted device. Because of this, android penetration testing is effectively impossible without taking some necessary steps to proxy traffic to Burpsuite. This tutorial will provide instruction on how to bypass this restriction […]
2021 is finally here! While that is a relief for all of us, there are some cyber security trends from 2020 that will likely carry over into 2021. In this blog, we will look at three key cyber security trends we expect in 2021, and how we recommend you respond in anticipation of them. We […]
Many organizations, especially small-to-medium sized businesses, may feel overwhelmed when it comes to information security. With all of the news articles and blog posts warning about security-related threats and attacks, a ton of people feel like they need to do something to protect their business but have no idea where to start. This can be […]
There are a variety of ways to test the maturity of your security program, including a gap analysis and a penetration test. However, it can be overwhelming to hear about these different types of security assessments and try to make an informed decision about what is right for your organization and your budget. The different […]
We get a decent amount of questions regarding the right approach to both penetration testing in the cloud and vulnerability scanning cloud-hosted assets. While we’ve already written several posts on how to approach penetration testing for AWS, Azure, and other cloud providers, today we’ll take a step back and focus on AWS vulnerability scanning best […]
Risk assessments are a way of reviewing your assets, the threats to those assets, any vulnerabilities or conditions that leave them open to those threats, and what you are doing to mitigate the risk to those assets. What comes out of that analysis ultimately is an understanding of your residual risk, or how likely is […]
Vulnerability management programs and the vulnerability management tools that support these processes are becoming more and more important to organizations. As the cybersecurity threat landscape shifts more quickly than ever, organizations have to try to stay caught up with new vulnerabilities that could be affecting them to avoid being caught in waves of cyber attacks. […]
The Payment Card Industry (PCI) Security Standards Council (SSC) is an independent body created by Visa, MasterCard, Discover, American Express, and JCB formed in 2006 to develop and enforce standards to protect credit card information. Together, they created the PCI Data Security Standard (DSS), a baseline set of technical and operational requirements which applies to […]
Zoom has seen an incredible up-tick in their user base during the COVID-19 pandemic. Between schools, businesses, and individuals just trying to stay connected with family, Zoom has been one of the most popular video conferencing solutions to meet everyone’s newfound needs in this new remote and socially-distanced environment. With all of this increased attention […]
A common term used in many different industries is authentication. In information security specifically, authentication is the process of determining if a person is who they say they are. Usually, this process is completed prior to giving that person access to something, so you can envision authentication as a guarded gate before a person is […]
