Blog
Blog

Quick Guide to Penetration Testing

Fri, 05/22/2020
We're always trying to simplify how you go about pen-testing your organization. Anytime you make something too complicated there becomes unnecessary barriers to completion. Enjoy this free Guide to Penetration Testing to ensure you complete your penetration tests quickly and efficiently. 1. Project Scope Before starting your pen-test, you need to determine you plan of attack. This will consist...
Penetration Testing
Identity & Access Management
Blog

New Release: The Most Beautiful Experience in Identity

Fri, 05/22/2020
Before I start, I need to come clean and tell you that I love enterprise software. Weird? Maybe. However, after working in the industry for many years and for many different companies, enterprise software is the basis for what drives business. Whether it’s your CRM, ERP or cyber security – it all starts with enterprise software.I have worked in product management, marketing and operations over the...
IGA
Security Tips
Blog

How to Set SMART Goals With Your Red Team

Fri, 05/22/2020
As with most anything in life, you want to set SMART goals. Setting goals that follow this guideline (Specific, Measurable, Achievable, Relevant and Time-bound) allows you to form hypotheses and set firm parameters around your work and what potential outcomes to expect. This is no different for the Red Team whose sole purpose is to test the security measures currently in place and test how to...
Penetration Testing
Red Team
Security Compliance
Blog

The Biggest Risk for Security Breaches: Humans!

Fri, 05/22/2020
You can have all the tools in place: firewalls, security programs, routinely updated passwords and security team members. But that still might not be enough. We advocate for increased employee security awareness training as well as maintaining the patches and updates required for programs to run at full steam. Cyber security threats aren’t going away – if anything they’re increasing in size and...
Penetration Testing
Security Tips
Blog

How to Spot and Stop Zombie Accounts in Your Network

Fri, 05/22/2020
Zombie accounts, also known as abandoned accounts, are user accounts left with no verifiable owner. This happens most often when someone leaves your company and their access to a certain application is never terminated. In a perfect world, the person that leaves you would never try and get back into your system for any reason. However, our world is not perfect. Instead, we have rogue players who...
IGA
Security Compliance
Blog

The Importance of PCI Compliance

Fri, 05/22/2020
*As used previously in GCN.com As governments look for more ways to reduce costs, electronic payments have become an economical method of purchase. Using credit or debit cards reduces the time it takes to receive funds, is less error-prone and makes it easier for residents to pay. Any agency that stores, processes or transmits card data must comply with the Payment Card Industry Data Security...
Compliance
Blog

Latest Improvements Shipped to Core Impact 2017 R2

Fri, 05/22/2020
It is our mission to continuously provide to you a comprehensive and up-to-date penetration testing tool to meet the needs of the market. Today we are recapping the 23 total updates that have been shipped to Core Impact 2017 R2 since its release on August 14th 2017. The team has been working hard to develop these improvements in order for our users to continue to experience the maximum value from...
Blog

3 Tips to Conducting Successful Web Application Tests

Fri, 05/22/2020
At the age of six, my parents were looking for ways to get me out of the house and burn some of that energy every six-year-old child has. On top of being pretty small, I grew up in a small town. So my options for youth sports were pretty limited. However, through a series of conversations, my parents decided to get me involved in the youth wrestling program. What I didn’t understand at the time,...
Penetration Testing
What is?
Blog

What is a Vulnerability Management Program?

Fri, 05/22/2020
The Equifax breach was caused by a vulnerability. The WannaCry virus exploited a vulnerability. The stories don’t seem to end but it seems like no one is talking about how to solve this problem which is: start a vulnerability management program. “Manage the vulnerabilities in my network? Sounds easy” well, not so much, but not so difficult that you shouldn’t be spending time and resources on it....
Penetration Testing
Threat Detection
Compliance
5 Security Tips
Blog

5 Steps to Building a Vulnerability Management Program Pt. 1

Fri, 05/22/2020
Let's talk about actual tactics you can put in place to start building or improving your vulnerability management program. Step 1: Set Smart Goals“To better mitigate risk” is not a goal. Everyone wants to mitigate risk and that’s why your organization has a security team. In order to set a goal for your vulnerability management program, you have to first understand what assets you have that need...
Blog

Remember These PCI Pen Testing Requirements

Fri, 05/22/2020
Things just got real for companies that need to comply with PCI requirements. Not only is PCI v3.2 mandated, the PCI Standards Security Council has issued guidance on using penetration testing as part of a vulnerability management program. Why are they buckling down? Part of the reason was explained well in the recent Verizon PCI Compliance Report. Compared to 2015, the 12 key requirements...
Compliance
5 Security Tips
Blog

5 Steps to Building a Vulnerability Management Program Part 2

Fri, 05/22/2020
Welcome to part two of our series on building a vulnerability management program. Today we go through steps three and four of our build but if you missed last week, you can catch up here. Step 3: PatchingYou’ve got your list of vulnerabilities from your scanner and now your vulnerability management solution has prioritized them all so the next step in this process is to start fixing your problems...
Penetration Testing
Threat Detection
Blog

The Latest Exploits Shipped to Core Impact

Thu, 05/21/2020
Summary of all of the exploits and updates shipped to Core Impact 2017 R2 since Sept 26th (the last Dot release): 17 Updates overall 9 Remote Exploits 3 Client-Side Exploits 4 Local Exploits 1 Product update Published modules: Remote Exploits: Trend Micro Mobile Security for Enterprise upload_img_file Arbitrary File Upload Vulnerability Exploit Adobe ColdFusion Java JMX-RMI Remote...
Blog

Tips for Success with Access Assurance Suite

Thu, 05/21/2020
So you’re using Core Access Assurance Suite (AAS). Maybe you’ve been using it for a while and have a routine down – but there may be ways to make your experience with this program even better. Every now and then it’s important to reassess the tools you are using to see how you can get more out of them. Today’s post is to share a few tips to help create a better user experience with the product...