Posts Categorized: Penetration Testing

So you want to be a Penetration Tester?

Over the past few months we have been speaking to people who want to join our team. To be a penetration tester. These include computer science and network security graduates, experienced application developers and systems administrators. Many of these people ask similar questions. How do I become a Penetration Tester? Should I sit certain exams… Read more »

Network Penetration Testing

Configure Your Networks Securely. Protect Confidential Data. Our penetration testing services are a vital tool to help understand where weaknesses lie. Is confidential data exposed? How open are your networks? Who has access to restricted areas? Let our team of experts help you remove weaknesses to improve the security of your networks. CREST Network &... Read more »

Penetration Test Versus Vulnerability Scan

When someone poses the question – Penetration Test Versus Vulnerability Scan – we answer by describing what each test is. Also, what each is designed to do. One of the key differences between a penetration test and a vulnerability scan lies in the amount of human time and skill needed to perform it. This influences the… Read more »

I, Penetration Tester: Ethics in Cyber Security

Indulge me for a minute. Ethics in cyber security is a discussion that continues to develop. There are numerous ethical standards out there, but can all of this be summarised neatly in one place? I think it can, possibly… Way back in 1942, during the first Golden Age of Science Fiction, Isaac Asimov proposed the… Read more »

Cryptographic Weakness: No Trust Without Security

Are You Talking To Me? I had a conversation with a client recently. We’d just conducted a penetration test for his organisation and a number of cryptographic weakness findings had come up. “These issues aren’t normally significant” he said. “Why are we failing now, when we were okay before?”. A fair question, and one that deserves an answer. Here’s… Read more »

Blocking Your Penetration Tester is a Bad Idea

What’s wrong with blocking your penetration tester? You’ve invested in technologies that prevent the bad guys from scanning your site and finding problems that they might be able to exploit. To be sure things are working, you commission a penetration test, and ask the penetration tester to see if the defences can be defeated. You block… Read more »

What is SQL Injection?

What is it? Put simply, SQL or sometimes “sequel” injection is a web site security fault that enables a hacker to steal the private or confidential data that you have available on your web site. It is surprisingly common, can have a devastating business impact, and is easy to prevent. Now you too can answer the question “What… Read more »

PCI Penetration Testing Policies. Just Like Buses

… nothing for a few weeks and then three come at once. Last Friday afternoon at the office turned into a somewhat sedate – and welcome – end to the working week. Until I took three sales calls one after the other. Nothing notable about that. What was significant was that all asked about how… Read more »

PCI: Your eCommerce Web Sites Are In Scope

“Essentially, all merchant eCommerce sites that previously escaped mandatory security assessment can no longer be overlooked.” We now anticipate that many small merchants will find their web sites in scope for PCI compliance under PCI DSS v3. We wrote earlier this year concerning the potential for scope changes brought about by PCI DSS v3. Now that the official v3 SAQ documents… Read more »