What is Penetration Testing? Penetration testing is a direct test of an application, a device, a website, an organization, and even the people that work at an organization. It first involves attempting to identify and then attempting to exploit different security weaknesses that can be found in these various areas. Breaking into Your Own House It might be helpful to think of penetration testing...

Red Team Basics The SANS definition of a Red Team is, “a process designed to detect network and system vulnerabilities and test security by taking an attacker-like approach to system/network/data access.” A Red Team should be formed with the intention of identifying and assessing vulnerabilities, testing assumptions, viewing alternate options for attack and revealing the limitations and risks...

One of the most common ways for breaches to occur is purely out of not knowing if or how it could happen. You can’t protect what you don’t know you have – or that you don’t know you have to. Here are some tips for auditing your data and putting some security action behind it. Take Inventory of Your Data Before starting anything, are you aware of the data you’re collecting – or storing? Depending...

Find out how you can respond to the rise of bots in your business.

Ready to Get Visibility Into Your Environment?

The role of the healthcare CISO has expanded exponentially since the HITECH Act of 2009. CISOs were traditionally charged with the responsibility to maintain the IT environment consisting of applications and infrastructure. Today they are taking on an expanded organizational role consisting of innovation, operational responsibility and compliance. Although, the governance for compliancy...

There is no single set of instructions on how to run a penetration test, and no one manual on how to be a pen tester. The only real constant is that each job is a combination of preparation and improvisation to adapt and adjust to each environment’s quirks. So one of the best ways to learn and improve your own penetration testing techniques and strategies is from your peers, whether it be through...

Want to learn about advanced threat detection?

See Event Manager in Action. Try it. And Test it.

There are differences between each of the high-profile hacks you’ve seen in recent headlines, but there are also a few consistent characteristics of the modern breach. Inevitably, we discover known software vulnerabilities were left unpatched, networks were exposed and critical assets were open to attack.

Flavio De Cristofaro used to run our Security Consulting Services (SCS) group and long time password cracking enthusiast was recently asked to present at AppSecLatam2012 on Lessons learned from Recent Password Leaks. The following is his analysis on the exponential nature of password cracking costs. The exponential nature of password cracking costs Let’s assume for a moment that you suffered a...