One of the most common ways for breaches to occur is purely out of not knowing if or how it could happen. You can’t protect what you don’t know you have – or that you don’t know you have to. Here are some tips for auditing your data and putting some security action behind it.

There are many reasons to penetration test your organization – and not just to adhere to compliance protocols. Nonetheless, sometimes that’s the routine we get caught in, isn’t it? We do it just because we have to, but we don’t leverage the findings from the tests to better secure our business. Well, today’s the day we start leveraging and seeing the true value behind penetration testing. Take a look at these four ways in which you can benefit from penetration tests.

It’s not just about hiring a group of people and dubbing them as part of a Red Team. There are some important steps to ensure you are hiring the right people for the job at hand with a focused goal in mind. Here are the five key steps to build out a successful Red Team: 1. Have the Right Conditions Oftentimes when looking for jobs people are seeking a good culture-fit. A place where they are challenged and won’t become stagnant in their abilities or uninspired causing them to not reach their full potential.

Welcome to part two of our series on building a vulnerability management program. Today we go through steps three and four of our build but if you missed last week, you can catch up here. 

Things just got real for companies that need to comply with PCI requirements. Not only is PCI v3.2 mandated, the PCI Standards Security Council has issued guidance on using penetration testing as part of a vulnerability management program.

Let's talk about actual tactics you can put in place to start building or improving your vulnerability management program. 

Red Team Basics The SANS definition of a Red Team is, “a process designed to detect network and system vulnerabilities and test security by taking an attacker-like approach to system/network/data access.”

The Equifax breach was caused by a vulnerability. The WannaCry virus exploited a vulnerability. The stories don’t seem to end but it seems like no one is talking about how to solve this problem which is: start a vulnerability management program. “Manage the vulnerabilities in my network? Sounds easy” well, not so much, but not so difficult that you shouldn’t be spending time and resources on it. This blog covers the planning and set up of vulnerability management programs. 

At the age of six, my parents were looking for ways to get me out of the house and burn some of that energy every six-year-old child has. On top of being pretty small, I grew up in a small town. So my options for youth sports were pretty limited. However, through a series of conversations, my parents decided to get me involved in the youth wrestling program. What I didn’t understand at the time, was this was the beginning of many life lessons. In today’s blog, I want to talk about a few of those lessons and how they correlate to running web application pen tests.

It is our mission to continuously provide to you a comprehensive and up-to-date penetration testing tool to meet the needs of the market. Today we are recapping the 23 total updates that have been shipped to Core Impact 2017 R2 since its release on August 14th 2017. The team has been working hard to develop these improvements in order for our users to continue to experience the maximum value from Core Impact.

*As used previously in GCN.com As governments look for more ways to reduce costs, electronic payments have become an economical method of purchase. Using credit or debit cards reduces the time it takes to receive funds, is less error-prone and makes it easier for residents to pay.

Zombie accounts, also known as abandoned accounts, are user accounts left with no verifiable owner. This happens most often when someone leaves your company and their access to a certain application is never terminated. In a perfect world, the person that leaves you would never try and get back into your system for any reason. However, our world is not perfect. Instead, we have rogue players who can create or hide these accounts in your system for nefarious reasons.

You can have all the tools in place: firewalls, security programs, routinely updated passwords and security team members. But that still might not be enough.

As with most anything in life, you want to set SMART goals. Setting goals that follow this guideline (Specific, Measurable, Achievable, Relevant and Time-bound) allows you to form hypotheses and set firm parameters around your work and what potential outcomes to expect. This is no different for the Red Team whose sole purpose is to test the security measures currently in place and test how to improve or continue that in your infrastructure.

Before I start, I need to come clean and tell you that I love enterprise software. Weird? Maybe. However, after working in the industry for many years and for many different companies, enterprise software is the basis for what drives business. Whether it’s your CRM, ERP or cyber security – it all starts with enterprise software.

We're always trying to simplify how you go about pen-testing your organization. Anytime you make something too complicated there becomes unnecessary barriers to completion. Enjoy this free Guide to Penetration Testing to ensure you complete your penetration tests quickly and efficiently. 1. Project Scope Before starting your pen-test, you need to determine you plan of attack. This will consist of what to include in the test and will spell out your goals.

I recently was watching an old episode of “Friends”. During this one particular episode, Ross was trying to move a couch into his upstairs apartment. As they were trying to carry the couch upstairs, they reached a point where they had to turn a corner. As you can imagine - the couch becomes stuck and Ross was yelling, "PIVOT!!" Since joining Core Security, anytime I hear the word ‘pivot’, I think about it in terms of how an attacker would move through a network.

Internships are becoming more and more necessary in order for college students to land a job straight out of college. In fact, over 85% of college students complete internships every year. With numbers like these, it’s quite possible that you have a few interns in your office throughout the year. We had five this summer and they were amazing – and not just for getting coffee and making copies. They were integral parts of our business. As such, they had access to several different applications based on their area of focus within the business.

Don’t be misled into thinking that because you have a Penetration Tester that you have a Red Team – or that because you have a Red Team you have a Penetration Tester. While some functions may overlap, you are getting two different things when enlisting the help of each. Both provide something beneficial to your organization and the security measures in place – so let’s further investigate what you can really expect from each.

The terms “hacking” and “hackers” often get a bad reputation. This tends to have a fairly negative connotation because of the nature these words are often used in. I’d like to think I’m not alone in envisioning some scary guy hanging out in a dark room in a black hoodie trying to break into my bank to steal my credentials or money for that matter. The way we perceive and hear “hacker” in the media has definitely misconstrued my perception of these folks.

It’s not just the bad actors that we at Core Security want to protect you from – we also want to protect you from yourself. It’s all hands on deck when it comes to securing your systems and the systems you interact with on a daily basis.

It’s no secret that healthcare organizations are constantly in the crosshairs of cyber criminals. One of the reasons healthcare records are 30 times more valuable than financial records is because they contain full identity profiles – including your social security number which is the gateway to acquiring any and all of your personal information.

It's true - we've had a lot of updates and releases for Core Impact over the past month. From the New Named User Pricing to the continued improvements being shipped to Core Impact and just this past week the new release of Core Impact 2017 R2 - there's been a lot happening. But trust that the product is still the most comprehensive solution for assessing and testing security vulnerabilities within your organization. Today we're going through some of the benefits you can find when using this tool.

For several years the Department of Defense (DoD) has been focused on protecting controlled and unclassified information. Seven years ago, around November 2010, the White House issued Executive Order 13556 that established an open and consistent program across all civilian and defense agencies for managing information. The issue this Executive Order was trying to rectify was that departments/agencies had ad hoc measures for safeguarding controlled and unclassified information.

After months of hard work by our outstanding team, I am pleased to announce the release of Core Impact 2017 R2 – the comprehensive software solution for identifying, assessing and testing security vulnerabilities that attackers will exploit. With Core Impact you are able to identify the most pressing cyber risks to your organization by using this tool that enables you to think, and act, like an attacker. Penetration Testers and Red Teamers can safely imitate real attacks within their own networks.