by Robert Gorski | Nov 25, 2014 | Penetration Testing
In our work with clients we sometimes encounter a misconception that performing an Application Vulnerability Assessment and/or a Penetration Test amounts to an assessment of a web application’s vulnerability to the OWASP Top 10 security flaws. This has never been the...
by Robert Gorski | Jul 2, 2013 | ISMS Consulting
Like many people, I find it easiest to write about my direct experience. Currently I work from home, and I spend my working time doing application penetration testing on behalf of Pivot Point Security clients. This basically involves trying to hack into their systems...
by John Verry | Mar 7, 2013 | ISMS Consulting
Unfortunately, here at Pivot Point we’re all too familiar with Incident Response “Catch 22” situations. Until you have experienced a situation you often can’t (or, more frequently, don’t believe there is a true need to) develop a “comprehensive”...
by John Verry | Feb 4, 2013 | Penetration Testing
Recently I spoke with one of our highly regulated clients in the financial industry, who was getting “beat up” in an audit because we had jointly chosen to run the web application penetration tests in a “near production” environment rather than in their...
by John Verry | Apr 23, 2012 | Penetration Testing
It’s not uncommon for potential client to ask “Is your company certified to provide Penetration Testing?” It’s a great question and one that unfortunately does not have a good answer – YET. ** Via a client, we recently became aware of a British organization called...
