by Michael Gargiullo | Aug 18, 2017 | Penetration Testing
Editor’s Note: This post was originally published in February 2014 and has been updated for accuracy and comprehensiveness. I’m still surprised how often our clients want us to perform black-box penetration testing on their internet-facing systems, instead of...
by Mike Gargiullo | Jun 14, 2016 | Ethical Hacking, Penetration Testing
About 2 weeks ago I had an in-depth conversation with a client after performing a low-intensity penetration test. We offer a low-cost penetration test option that we call a “Validate” level engagement. Basically, a Validate level test involves an automated...
by Bhaumik Shah | Oct 20, 2015 | InfoSec Strategies
In recent network penetration testing we’ve been seeing a lot of vulnerabilities around companies’ Domain Name System (DNS) servers. With nearly all networked applications (including web browsing, email, eCommerce and IP telephony) relying heavily on DNS, and more and...
by John Verry | Dec 30, 2014 | Penetration Testing
It’s interesting to me that we can start to pick up shifts in our industry through the “Contact Us” form on our website. One unexpected (and at this point still unexplained) recent trend is an emphasis on physical penetration testing. Part of why it’s unexplained is...
by Robert Gorski | Nov 25, 2014 | Penetration Testing
In our work with clients we sometimes encounter a misconception that performing an Application Vulnerability Assessment and/or a Penetration Test amounts to an assessment of a web application’s vulnerability to the OWASP Top 10 security flaws. This has never been the...