Penetration Testing Archives - Page 6 of 7

Deciding Between Vulnerability Scanning And Penetration Testing

Michelle Drolet

My clients often confuse scanning and penetration testing. Organisations should be conducting both external vulnerability scans and penetration tests. If you are storing or transmitting data on the Internet, particularly sensitive data such as credit card details, then quarterly scanning is required to validate your PCI compliance. You also need to conduct a penetration test

4 Minute 1 Second Read

Reminder: Please join us at the Information Security Summit 2014

Michelle Drolet

Please save the date and plan to join us for this timely forum on what you need to know about the latest security issues, threats, and technologies that will help you protect your business! May 29, 2014 8:00AM – 1:00PM MassBay Community College 50 Oakland Street | Wellesley Hills, MA 02481 Early Bird Special: $35

0 Minute 34 Second Read

Why security professionals need to get more creative with penetration testing (and how to do it)

Michelle Drolet

Criminals are evolving with their techniques for hacking and breaching corporate assets, so security managers need to as well. Here are some ways companies are going beyond standard pen testing in order to increase awareness By Maria Korolov Security professionals have long been running penetration tests against their firewalls and other security systems to find

6 Minute 27 Second Read

Towerwall Information/Vulnerability Alert Vol 13.69: Cisco Security Notice

Michelle Drolet

Cisco Security Notice Cisco WebEx Business Suite HTTP GET Parameters Include Sensitive Information CVE ID: CVE-2014-0708 Release Date: 2014 March 18 19:07 UTC (GMT) Last Updated: 2014 March 19 17:58 UTC (GMT)SummaryA vulnerability in Cisco WebEx Business Suite could allow an unauthenticated, remote attacker to view sensitive information transmitted in GET parameters of URL requests.The vulnerability is due to inclusion of sensitive information in

2 Minute 5 Second Read

Towerwall Information Security/Malware Alert Vol 13.67 – Notorious "Gameover" malware gets itself a kernel-mode rootkit…

Michelle Drolet

Zeus, also known as Zbot, is a malware family that we have written about many times on Naked Security. We’ve covered it as plain old Zbot. We’ve covered the Citadel variant, which appeared when the original Zbot code was leaked online. We’ve even written about the time it pretended to be a Microsoft fix for CryptoLocker, a completely different

4 Minute 43 Second Read

Towerwall Security/Vulnerability Alert Vol 13.62

Michelle Drolet

Recent vulnerabilities for which exploits are available compiled by the Qualys Vulnerability Research Team. This is a list of recent vulnerabilities for which exploits are available. System administrators can use this list to help in prioritization of their remediation activities. The Qualys Vulnerability Research Team compiles this information based on various exploit frameworks, exploit databases,

4 Minute 2 Second Read

Tips for testing your mobile app security

Michelle Drolet

Wherever an app originates from, it is vital that you can vouch for its security before it is circulated The enterprise has gone mobile and there’s no turning back. And while the BYOD movement has received plenty of attention, IT departments are getting a handle on the security risks of personal mobile devices in the workplace. The

3 Minute 42 Second Read

Compliance Combines with Vulnerability Scanning to Create Aegify

Michelle Drolet

Two security firms, the established Rapid7 vulnerability manager and eGestalt, a cloud-based compliance management provider, have signed an OEM deal that will do something for the IT security industry that hasn’t been done before: a combination security and compliance posture management offering called Aegify SPM. The SPM stands for Security Posture Management, and eGestalt of Santa Clara

2 Minute 27 Second Read

Top 10 PHP Security Vulnerabilities

Michelle Drolet

Security is not a list of things you do. Security is a way of thinking, a way of looking at things, a way of dealing with the world that says “I don’t know how they’ll do it, but I know they’re going to try to screw me” and then, rather than dissolving into an existential

7 Minute 15 Second Read

New Internet Explorer zero day being exploited in the wild

Michelle Drolet

After the last zero day exploit on Java we reported some weeks ago it appears that a new 0day has been found in Internet Explorer by the same authors that created the Java one. Yesterday, Eric Romang reported the findings of a new exploit code on the same server that the Java 0day was found some

2 Minute 6 Second Read

Our Cybersecurity Solutions

Virtual Security Officer

We Advise

Industries

Trends & Threats

Knowledge Hub

Our Company

Solutions: Penetration Testing

Deciding Between Vulnerability Scanning And Penetration Testing

Towerwall Information/Vulnerability Alert Vol 13.69: Cisco Security Notice

Towerwall Information Security/Malware Alert Vol 13.67 – Notorious "Gameover" malware gets itself a kernel-mode rootkit…

Towerwall Security/Vulnerability Alert Vol 13.62

Top 10 PHP Security Vulnerabilities

New Internet Explorer zero day being exploited in the wild

Talk with us now about:

Your security needs.

Call 774.204.0700

Email Us