4 Simple Security Testing KPIs

Cyber security is a journey and not just a destination. In the ever-changing security landscape, regular testing and mitigation are required. To prevent testing efforts from feeling like a sinkhole on time and funding, mechanisms can be used to track the output of testing to show progress and motivate internal teams to improve their practices. […]

Vulnerability Scanning and Penetration Testing – Know the Difference

There are a variety of different ways to assess the security integrity of the systems that process, store, or transmit your information assets. But I find it odd that this far down the cyber security road, a lot of businesses still don’t understand the basic difference between Vulnerability Scanning and Penetration Testing. I know it […]

Top 5 Signs of Social Engineering Attacks

Can social engineering attacks be detected? Social engineering attacks usually have signs that can be spotted if you know what they are. However, since there are different types of social engineering attacks, it can be harder to know when to look for them. In short, any time information is exchanged in some form of communication, […]

Top 8 Metrics to Collect During Red Team Testing

Why should we collect metrics in a red team test? Metrics are a valuable way of measuring changes and improvements over time. A red team test is conducted to assess the controls and lack of controls in place to stop an attacker achieving certain goals. By using metrics during red team testing, you can observe […]

What to Include in Your Security Testing Supplier’s Agreement

A successful penetration test requires good preparation with an airtight service-level contract between the customer and a supplier that helps both to achieve the ultimate goal: security. Listed in this post are some important items to include in the contract. These are by no means a full and comprehensive list but should serve to help […]

Top Security Breaches that have Zoomed into 2020 Thus Far

We have all seen how fast things can change in 2020, but the one thing that has not changed is the number of security breaches. In fact, the coronavirus increased the security threat landscape. One reason for this increase is that the working from home (WFH) environment created more vulnerabilities and avenues for attacks. […]

File Manager Plugin in WordPress Contains a Remote Code Execution Vulnerability

WordPress’ popular plugin File Manager (versions 6.0-6.8) contains a vulnerability that allows an attacker to upload files and execute commands. Indicators of compromise include filenames such as “hardfork.php”, “hardfind.php” and “x.php”. The root of this problem is connector.minimal.php, which is due to a recent name change and executes directly — allowing the upload of malicious […]

The Importance of Minimising Attack Surface

With every security test I have done, there has been at least one attack surface that can vary in their level of security. These can be viewed as the number of accessible machines and applications within them. As a result, the number of attack surfaces is not the only security measure to be implemented but […]

Multiple Vulnerabilities found in Microsoft Azure Sphere


Microsoft Azure Sphere versions 20.07 and 20.06 contain vulnerabilities such as remote code execution and privilege escalation. This could allow an attacker to gain access to sensitive information and possibly get admin-level permissions on the affected machine. These vulnerabilities could have severe consequences, so make sure you patch them before they are used against you. […]

5 Items to Consider When Choosing a Pen Test Provider

As security professionals with nearly two decades in the industry, we understand the significance of choosing the right penetration testing service provider. It’s important not only to look for testers with the technical skills required; they should also be trustworthy, highly experienced, credible and deliver on their promises of testing, reporting and remediation. They should […]
