Security News

Types of Penetration Testing
2021-11-08 05:29

If you are thinking about performing a penetration test on your organization, you might be interested in learning about the different types of tests available. In contrast, internal penetration testing is concerned with testing your internal corporate environment.

Types of Penetration Testing
2021-11-08 05:29

If you are thinking about performing a penetration test on your organization, you might be interested in learning about the different types of tests available. In contrast, internal penetration testing is concerned with testing your internal corporate environment.

Penetration Testing Your AWS Environment - A CTO's Guide
2021-10-07 11:31

Here is where AWS environments can differ from traditional penetration tests as AWS networks' software-defined nature often means tighter controls are maintained between networks, and lateral movement is a challenge. The AWS configuration review should include, and inform you of, how your users and services access and interact with your AWS environment, including permissions assigned to those users and services.

How penetration testing can promote a false sense of security
2021-05-17 21:38

Penetration testing in and of itself is a good way to test cybersecurity, but only if every nook and cranny of the digital environment is tested; if not, there is no need to test. By tools, Gurzeev is referring to penetration testing: "Penetration testing is a series of activities undertaken to identify and exploit security vulnerabilities. It helps confirm the effectiveness or ineffectiveness of the security measures that have been implemented."

Penetration testing leaving organizations with too many blind spots
2021-04-29 04:00

While organizations invest significantly and rely heavily on penetration testing for security, the widely used approach doesn't accurately measure their overall security posture or breach readiness - the top two stated goals among security and IT professionals. The research, conducted by Informa Tech, surveyed enterprises with 3,000 or more employees and found that 70 percent of organizations perform penetration tests as a way to measure their security posture and 69 percent to prevent breaches, yet only 38 percent test more than half of their attack surface annually.

How Kali Linux creators plan to handle the future of penetration testing
2020-12-09 06:00

Offensive Security might best known as the company behind Kali Linux, the popular open-source pen testing platform, but its contribution to the information security industry is definitely not limited to it. Updated its most popular training and certification courses, including Penetration Testing with Kali Linux and Advanced Web Attacks and Exploitation.

Penetration testing isn’t enough, you need to activate full offensive operations
2020-11-23 16:00

While penetration testing is one of the oldest disciplines in computer security, it doesn't quite cover the full range of activities security pros need to undertake to ensure they've got every angle covered. That's why SANS Institute has grouped its Penetration Testing, Red Team, Purple Team and Exploit Development courses under the umbrella of Offensive Operations.

Can automated penetration testing replace humans?
2020-10-29 06:00

While crowdsourced security has evolved as an alternative to penetration testing in the past 10 years, it's not based on automation but simply throwing more humans at a problem. Tools that can be used to automate penetration testing under certain conditions have surfaced - but can they replace human penetration testers?

What a year of penetration testing data can reveal about the state of cybersecurity
2020-08-27 11:57

From web app flaws to a lack of 2FA, Rapid7 found lots of common soft targets in the networks it breached on behalf of clients.

What a year of penetration testing data can reveal about the state of cybersecurity
2020-08-26 13:05

SecOps firm Rapid7 has released its annual look at the state of the penetration testing industry, with findings including a significant spike in the number of vulnerable VPN connections, widespread lack of multifactor authentication, and a high volume of poorly configured internal networks making it easier for attackers to move laterally once inside. Passwords are supposed to be kept secret, the report states, but "Humans and their woefully unoriginal meat brains" make guessing those passwords far easier than can be considered safe.