Resources

Blog

Horrible Mistakes You're Making With Pen-Testing Pt. 1

For some, running a pen test is merely something to do to pass a compliance check for the year. However, there are many more benefits than just adhering to a precedent set out before you. If done correctly – correctly being the main emphasis here – you should already know of the added benefits pen-tests have towards maintaining a healthy security posture. If you feel like you could improve even...
Blog

Thoughts from Black Hat and Defcon

Getting home from what we affectionately call Security Summer Camp is almost as much of an adventure as attending the conferences. Getting caught in the Deltapocalypse on the way home just added to the fun. If you want a real challenge, try seeing your way onto earlier flights during a system-wide meltdown of a major legacy carrier.
Blog

Obligatory Java “zero-day” Blog Post

When my mother emails to ask if she should be worried about the Java vulnerability she saw on the news, you know a security issue has gone mainstream. And it seems you cannot be a security company without having a blog warning of the dangers presented by the Java exploit.
Blog

When to Use a Pen Test Versus Vulnerability Scan

Penetration testing versus vulnerability scanning. It all sounds the same or does the same thing, doesn’t it? Mistakenly, these terms are often used interchangeably even though there are some fundamental differences. Here we will distinguish the two and help you see what value each could bring to your business. What to Expect in a Pen Test A penetration tester has the goal of getting through...
Blog

A New Way of Thinking About Vulnerability Management

How do you look at vulnerability management? We’ve seen several blogs on this topic in the past month and even a webinar with one of our security consultants but the truth is that everyone looks at this issue differently. From scanning and assessments to prioritization and patching, vulnerability management is a lot of different things but it is not and never should be seen as: Just a list of...
Blog

4 Steps to Building a Vulnerability Management Program

Day after day we hear stories of companies being breached because of vulnerabilities in their systems. While some of these vulnerabilities may be new, the majority of breaches are caused by vulnerabilities that have had a patch available for weeks, months, even years but are left unpatched. If you know that there are vulnerabilities on your network, why wouldn’t you patch them immediately? Simply...
Blog

Navigating Your Vulnerability Management Program

OK, I admit it. I use GPS to navigate some routes I’ve driven at least a hundred times. It’s a relief to hear that robotic voice helping me with every single turn on my way home. Here at Core, we asked: how can we make the vulnerability management journey easier for organizations to traverse to reduce the risk of a potential security breach? Ah, yes, a roadmap of sorts to follow to ensure a...
Blog

How To Manage the Pen Testing Skills Shortage

According to the 2023 Pen Testing Report, 94% of cybersecurity professionals surveyed felt that penetration testing was somewhat important or important to their organization’s security posture, with 93% also reporting that penetration testing was at least somewhat important to their compliance initiatives. Despite this importance, 55% of cybersecurity professionals reported their organization hasn...
Video

Getting Inside the Mind of an Attacker: TLS Attacks and Pitfalls

Transport Layer Security (TLS) is a common cybersecurity protocol that is frequently seen in email, web browsers, messaging, and other communication methods that take place over networks. TLS is relied upon to ensure secrecy using different techniques like encryption, hash functions, and digital signatures. These days, however, nothing is immune to attack, so despite being designed to improve...
Video

Healthcare Identity Governance 101: Six Proven Strategies for Tackling the Biggest Healthcare Information Security Challenges

Healthcare organizations today face extraordinary challenges in a complex landscape. With increasing regulations, the acceleration of technology, and the demand to do more with less, health systems must address these issues head on, while staying focused on delivering quality patient care. Data breaches in healthcare cost more than $6.45 million on average—higher than any other industry. So the...
Video

2020 Core Security Pen Testing Survey Results

Penetration testing has become one of the best ways to test an organization’s resilience against malicious attackers—using their own tactics to help build a better security posture. Now that pen testing is increasingly standardized and typically a core element of a security risk management program, how is it utilized by organizations of different sizes and industries? A global survey was recently...