The Hacker News

DECEMBER 14, 2023

Network penetration testing plays a crucial role in protecting businesses in the ever-evolving world of cybersecurity. This blog acts as a quick guide on network penetration testing, explaining what it is, debunking common myths and reimagining its role in

Penetration Testing 68

Penetration Testing Cybersecurity 68

Schneier on Security

AUGUST 31, 2022

During the process, the group broke into the school’s IT systems; repurposed software used to monitor students’ computers; discovered a new vulnerability (and reported it ); wrote their own scripts; secretly tested their system at night; and managed to avoid detection in the school’s network. It has a happy ending: no one was prosecuted.

Hacking 209

Hacking Penetration Testing Accountability Software 209

NetSpi Executives

MARCH 19, 2024

Vulnerability scanners help scan known assets, but what about the assets you don’t know exist? Without this essential step, the scanner lacks the intelligence to identify assets, as its sole purpose is to scan what it’s told to. How NetSPI Attack Surface Management covers gaps The beauty of ASM is its ability to uncover what’s unknown.

Penetration Testing 98

Penetration Testing DNS Technology Internet 98

Security Boulevard

MAY 8, 2022

In the world of cybersecurity, various types of penetration testing exist, but before we explore the various kinds, what is penetration testing? A penetration test intends to identify network, system, or application vulnerabilities of an organization. A penetration tester submits […].

Penetration Testing 98

Penetration Testing Cybersecurity 98

NetSpi Executives

MARCH 5, 2024

Table of Contents What is External Attack Surface Management? 1 What is External Attack Surface Management? See what NetSPI ASM can do for your security by watching an on-demand demo of NetSPI’s solution. Tests often result in a lengthy list of vulnerabilities that are ranked by severity.

Penetration Testing 64

Penetration Testing Technology Marketing Mobile 64

SecureBlitz

NOVEMBER 10, 2021

If you want to learn how OWASP penetration testing can keep your website secure, read on. In the world of cybersecurity, there is a lot of misinformation and misunderstanding about what OWASP Penetration Testing actually is.

Penetration Testing 76

Penetration Testing Cybersecurity 76

CyberSecurity Insiders

APRIL 14, 2023

This is the second blog in the series focused on PCI DSS, written by an AT&T Cybersecurity consultant. See the first blog relating to IAM and PCI DSS here. This occurs frequently on penetration and vulnerability test reports that I’ve had to assess.

Penetration Testing 102

Penetration Testing DNS Passwords Accountability 102

NetSpi Executives

FEBRUARY 13, 2024

What is Proactive Security? Tim explains that in terms of proactive security, the approach involves considering the continuity beyond isolated engagements, such as performing an external penetration test. Read on for the highlights or watch the webinar for the full conversation. Can I maintain continuous awareness of them?

Penetration Testing 94

Penetration Testing IoT Cyber threats Mobile 94

The Last Watchdog

MARCH 15, 2021

Related: Integrating ‘pen tests’ into firewalls. Penetration tests are one way of mitigating the security risks that arise and make sure that we are not endangering users, their data, and the trust they inherently place in technology. Pen test types. Grey box testing is the next level of knowledge of a system.

Penetration Testing 124

Penetration Testing Social Engineering Cybersecurity Engineering 124

NetSpi Executives

FEBRUARY 21, 2024

5 Questions to Ask for Better AI Security What is the business use-case of the model? What is the target function or objective of the model? Understanding what the model aims to achieve, whether it’s classification, regression, or another task, can help in identifying possible adversarial manipulations.

Artificial Intelligence 111

Artificial Intelligence Cybersecurity Penetration Testing Architecture 111

Webroot

JUNE 1, 2021

In a previous post, we talked a bit about what pen testing is and how to use the organizations that provide them to your benefit. But, what about when one of them hands a client a failing grade? When a customer reaches out after failing penetration testing, it can put an MSP on its heels and create unnecessary angst.

Penetration Testing 118

Penetration Testing 118

Heimadal Security

OCTOBER 22, 2021

The Russian Advanced Persistent Threat (APT) group FIN7 is trying to break into the lucrative ransomware market by creating bogus cybersecurity organizations that perform network attacks under the pretense of pentesting (penetration testing), also known as ethical hacking. What Is FIN7?

Penetration Testing 82

Penetration Testing Ransomware Marketing Hacking 82

The Last Watchdog

DECEMBER 14, 2022

For years, penetration testing has played an important role in regulatory compliance and audit requirements for security organizations. However, a longtime challenge with pentesting has been the “point-in-time” nature of the tests. Related: The case for proactive pentests. Continuous pentesting.

Penetration Testing 229

Penetration Testing Risk Marketing Cybersecurity 229

The Last Watchdog

OCTOBER 5, 2023

Here is Erin’s Q&A column, which originally went live on OneRep’s well-done blog.) For the first expert interview on our blog, we welcomed Pulitzer-winning investigative reporter Byron V. What drew you to this field? Erin: What cybersecurity technologies are you most excited about right now?

Cyber threats 203

Cyber threats Cyber Insurance Cybersecurity Threat Detection 203

CyberSecurity Insiders

MAY 9, 2023

This is the fifth blog in the series focused on PCI DSS, written by an AT&T Cybersecurity consultant. See the first blog relating to IAM and PCI DSS here. See the second blog on PCI DSS reporting details to ensure when contracting quarterly CDE tests here. The fourth blog on API testing for compliance is here.

Penetration Testing 81

Penetration Testing Wireless Risk Firewall 81

NetSpi Executives

SEPTEMBER 26, 2023

At Black Hat, NetSPI VP of Research Karl Fosaaen sat down with the host of the Cloud Security Podcast Ashish Rajan to discuss all things Azure penetration testing. Configuration review focuses on seeing what’s exposed to the internet, or what an internal networking looks like from virtual networks.

Penetration Testing 59

Penetration Testing Cyber threats Internet Internet 59

Pentester Academy

MARCH 29, 2023

Penetration testing is an integral part of cybersecurity, so it’s no surprise that it’s a rapidly growing role. O’Net Online reports that penetration testing roles will grow by almost 35,000 jobs by 2031, a faster-than-average growth rate. The entire thing is open book, just like in real life. Getting started is easy!

Penetration Testing 52

Penetration Testing Cybersecurity Accountability Technology 52

NetSpi Executives

JANUARY 8, 2024

In case you missed it, Chubb, one of the leading publicly traded property and casualty insurance companies, announced an innovative collaboration with NetSPI to strengthen client cyber-risk profiles via enhanced attack surface management and penetration testing solutions. What is proactive security?

Cyber Insurance 64

Cyber Insurance Insurance Penetration Testing Cyber threats 64

NetSpi Executives

FEBRUARY 13, 2024

What is Proactive Security? Tim explains that in terms of proactive security, the approach involves considering the continuity beyond isolated engagements, such as performing an external penetration test. Read on for the highlights or watch the webinar for the full conversation. Can I maintain continuous awareness of them?

Penetration Testing 52

Penetration Testing IoT Cyber threats Mobile 52

NetSpi Technical

MARCH 14, 2024

As Azure penetration testers, we often run into overly permissioned User-Assigned Managed Identities. We’ve linked out on the above list to some blogs that show how to use those services to attack Managed Identities. We will use this post to expand on Rogier’s blog and show a new MicroBurst function that automates this attack.

Penetration Testing 133

Penetration Testing Accountability Authentication Engineering 133

NetSpi Technical

SEPTEMBER 22, 2023

Basics of Macros Gathering Dynamic Values Macros for Complex Situations Basics of Macros In this first video, I cover a couple of basics of Macros: what they are, why we might use them, and 2 demos of basic usage. What is this app? Yes, we are encouraging you to test in Burp! A stock trading app that has a multi-step process.

Penetration Testing 81

Penetration Testing Authentication Passwords 81

Veracode Security

JANUARY 26, 2021

Ideally, you should be using every testing type ??? static analysis, dynamic analysis, software composition analysis, interactive application security testing, and penetration testing. Each AppSec test has its own strengths and weaknesses, with no one tool able to do it all. and always will be ??? If you don???t

Penetration Testing 81

Penetration Testing Risk Software Banking 81

Webroot

APRIL 15, 2021

Pen testing is the art of attempting to breach an organization’s network, computers and systems to identify possible means of bypassing their defenses. But there are ways pen testing organizations can help MSPs. Before we get to that, more details on types of pen tests. Before we get to that, more details on types of pen tests.

Penetration Testing 83

Penetration Testing Social Engineering Security Defenses Marketing 83

NetSpi Executives

OCTOBER 10, 2023

What is DSO? Challenge yourself to move beyond blog posts, how-tos, and simple payloads. DSO Azure: Azure Cloud Pentesting Training Traditional penetration testing has focused on physical assets on internal and external networks. Your DSO experience will continue to be exceptional. Register for Dark Side Ops today.

Penetration Testing 52

Penetration Testing Cybersecurity Accountability Malware 52

NetSpi Executives

JANUARY 30, 2024

What to Look for When Evaluating External Attack Surface Management Providers To simplify the process of evaluating attack surface management vendors, we’ve identified five important criteria to look for when comparing different companies.

Technology 94

Technology Penetration Testing Risk Internet 94

eSecurity Planet

FEBRUARY 2, 2024

Rapid7 published blogs detailing the successful and failed breaches of the 2024 event. As you’re developing a strategy to protect your connected environments, consider watching product demos, hiring penetration testers, and investing in solutions specifically designed to protect your devices.

Hacking 125

Hacking IoT Firmware Cybersecurity 125

Cisco Security

APRIL 5, 2021

This blog is co-authored by Matthew McCullough and is part three of a four-part series about DevSecOps. This blog focuses on application security and how Cisco validates its software based on industry and internal security standards. After an application is developed, multiple tests are run (e.g., But beware. Components of CAVE.

Penetration Testing 78

Penetration Testing Engineering Software Internet 78

NetSpi Executives

MARCH 26, 2024

Here’s what I thought of my time at the event. Mainframe is happening now! Mainframe computers have a wonderfully rich history that spans decades, and as such there have been many groups over the years that bring practitioners, vendors, and resource owners together for collaboration.

Penetration Testing 59

Penetration Testing Encryption Insurance Healthcare 59

Krebs on Security

MARCH 2, 2020

What caught our attention was the nature of the victims and the fact that there were no other observed compromises outside of France,” said Sasha Angus, vice president of intelligence for HYAS. ” A LinkedIn profile for a Yassine Algangaf says he’s a penetration tester from the Guelmim province of Morocco.

DNS 253

DNS Penetration Testing Malware Hacking 253

NetSpi Technical

MARCH 11, 2024

This blog will cover how we discovered CVE-2024-21378 and weaponized it by modifying Ruler , an Outlook penetration testing tool published by SensePost. The first attachment of the form description and a special property, 0x6902001F , determines what registry keys need to be added under the CLSID to install the form.

Authentication 145

Authentication Penetration Testing Technology Phishing 145

Jane Frankland

APRIL 18, 2023

The finding comes from a Hewlett Packard internal report, and is often quoted in webinars, panels, talks, blogs, and books, including Lean In and The Confidence Code. Her findings confirmed what she’d suspected all along: there was little difference between genders. It’s usually raised as evidence that women need more confidence.

Penetration Testing 100

Penetration Testing Cybersecurity Education Accountability 100

Veracode Security

JANUARY 22, 2021

A joint blog post from Veracode and ThreadFix. What that means is that instead of implementing AppSec scans right before production, which can be time-consuming, many organizations are starting their scans during the development phase. Scans like penetration tests or dynamic analysis are best performed in runtime.

Penetration Testing 52

Penetration Testing Retail Software Technology 52

McAfee

JUNE 17, 2021

Until recently, discovering the answer to such questions has required exercises such as white hat penetration testing or the completion of lengthy or sometimes generic security posture questionnaires. What are the threats (events perpetrated by threat actors in the context of the critical assets and vulnerabilities)?

Penetration Testing 97

Penetration Testing CISO Risk Cyber Insurance 97

Security Boulevard

FEBRUARY 24, 2022

Yes, and that is what Sony exactly lost when they were hacked and the personal info of every one of its customers leaked in 2011. The post GUEST ESSAY: Here’s why penetration testing has become a ‘must-have’ security practice appeared first on Security Boulevard. A reported loss of $171 Million. Huge sum, right? This … (more…).

Penetration Testing 62

Penetration Testing Hacking Security Awareness 62

Centraleyes

DECEMBER 14, 2023

What is DORA? Testing and Auditing of ICT Systems and Processes DORA introduces a regimen of digital operational resilience testing. These tests, designed to be proportional to the entity’s size, business, and risk profile, are a critical component of DORA’s requirements.

Data breaches 111

Data breaches Risk Penetration Testing Cybersecurity 111

LRQA Nettitude Labs

MARCH 22, 2023

A covert entry assessment is a physical security assessment in which penetration testers try to gain access to sensitive or valuable data, equipment, or a certain location on a target site, without being detected. From a physical security penetration tester’s perspective, ideally a pretext would not be necessary.

Social Engineering 52

Social Engineering Engineering Penetration Testing Security Awareness 52

CyberSecurity Insiders

JUNE 24, 2021

As #RansomwareWeek draws to a close here on the (ISC)² blog, we turn our attention to how organizations can defend themselves. Conduct risk assessments and penetration tests to determine the organization’s attack surface and what tools, processes and skills are in place to defend against attacks. Initial Assessments.

Ransomware 103

Ransomware Backups Penetration Testing Education 103