Security News
Penetration testing in and of itself is a good way to test cybersecurity, but only if every nook and cranny of the digital environment is tested; if not, there is no need to test. By tools, Gurzeev is referring to penetration testing: "Penetration testing is a series of activities undertaken to identify and exploit security vulnerabilities. It helps confirm the effectiveness or ineffectiveness of the security measures that have been implemented."
While organizations invest significantly and rely heavily on penetration testing for security, the widely used approach doesn't accurately measure their overall security posture or breach readiness - the top two stated goals among security and IT professionals. The research, conducted by Informa Tech, surveyed enterprises with 3,000 or more employees and found that 70 percent of organizations perform penetration tests as a way to measure their security posture and 69 percent to prevent breaches, yet only 38 percent test more than half of their attack surface annually.
Offensive Security might best known as the company behind Kali Linux, the popular open-source pen testing platform, but its contribution to the information security industry is definitely not limited to it. Updated its most popular training and certification courses, including Penetration Testing with Kali Linux and Advanced Web Attacks and Exploitation.
While penetration testing is one of the oldest disciplines in computer security, it doesn't quite cover the full range of activities security pros need to undertake to ensure they've got every angle covered. That's why SANS Institute has grouped its Penetration Testing, Red Team, Purple Team and Exploit Development courses under the umbrella of Offensive Operations.
While crowdsourced security has evolved as an alternative to penetration testing in the past 10 years, it's not based on automation but simply throwing more humans at a problem. Tools that can be used to automate penetration testing under certain conditions have surfaced - but can they replace human penetration testers?
From web app flaws to a lack of 2FA, Rapid7 found lots of common soft targets in the networks it breached on behalf of clients.
SecOps firm Rapid7 has released its annual look at the state of the penetration testing industry, with findings including a significant spike in the number of vulnerable VPN connections, widespread lack of multifactor authentication, and a high volume of poorly configured internal networks making it easier for attackers to move laterally once inside. Passwords are supposed to be kept secret, the report states, but "Humans and their woefully unoriginal meat brains" make guessing those passwords far easier than can be considered safe.
Offensive Security announced a major update to its flagship Penetration Testing with Kali Linux training course. The new course doubles the amount of content available to train students the skills and mindset required to be a successful security professional and prepare for the Offensive Security Certified Professional certification.
Israeli cybersecurity firm Pcysys announced on Wednesday that it has completed a $10 million Series A funding round, which brings the total raised by the company to $15 million. read more
Riptide Software’s new penetration testing suite has been released. The continued growth of managed IT services has allowed Riptide to offer new cybersecurity services, such as penetration...