Security News

Pen testing helps to identify security flaws in your IT infrastructure before threat actors can detect and exploit them. Here, we outline key factors to consider before, during, and post the penetration testing process.

SpecterOps released version 5.0 of BloodHound Community Edition, a free and open-source penetration testing solution that maps attack paths in Microsoft Active Directory and Azure environments. "The way that BloodHound Community Edition maps out Attack Paths in AD and Azure is unique - there isn't another tool that can find hidden and unintentional relationships to identify complex Attack Paths that attackers can exploit. After this update, the tool will offer a user experience closer to an enterprise-grade product than an open-source tool," Andy Robbins, co-creator of BloodHound and a Principal Product Architect at SpecterOps, told Help Net Security.

Red Siege has developed and made available many open-source tools to help with your penetration testing work. The company plans to continue to support the tools listed below, whether in the form of bug fixes or new features.

Penetration testing is an essential tool for identifying, analyzing, and mitigating security risks. Mobile app penetration testing: analyzes the security of an organization's mobile applications, looking for mobile-specific security issues that could be used by attackers.

Among these tools, Burp Suite stands out as one of the most popular and widely used options among security professionals and enthusiasts alike. Here's a collection of Burp Suite extensions to make it even better.

People frequently confuse penetration testing and vulnerability scanning, and it's easy to see why. Penetration testing is a manual security assessment where cyber security professional attempts to find a way to break into your systems.

Some of these related terms are vulnerability scanning and penetration testing, commonly known as pen testing. Key differences between vulnerability scanning and pen testing Automation Vulnerability scanning.

If you Google "How often should I do penetration testing?", the first answer that pops up is "Once a year." Indeed, even industry-leading standards like PCI-DSS dictate that external penetration testing be conducted annually, while internal penetration testing takes place annually, with segmentation testing occurring every six months. Gartner calls these threats "High momentum threats" and recommends that organizations at risk adopt a more streamlined approach to cybersecurity - including pen testing.

Offensive Security, the creators of Kali Linux, announced today that they would be offering free access to their live-streamed 'Penetration Testing with Kali Linux' training course later this month. The course will prepare you for the Offensive Security Certified Professional certification exam, taught in person before the pandemic.

Readers will be introduced to their own virtual hacking lab and will learn about different flavors of Kali Linux installed onto different platforms. This book is suitable for those who are passionate about securing things in an offensive way and can be useful for aspiring red teamers.