Posts Categorized: Network Penetration Testing

So you want to be a Penetration Tester?

Over the past few months we have been speaking to people who want to join our team. To be a penetration tester. These include computer science and network security graduates, experienced application developers and systems administrators. Many of these people ask similar questions. How do I become a Penetration Tester? Should I sit certain exams… Read more »

Network Penetration Testing

"Our aim is to provide our customers with the reassurance that they can trade in a secure online environment at all times. To this end the relationship with Ambersail Assured will provide us with the required high level of guidance and protection in the pursuit of this." Security Manager, Birmingham Midshires. Should We Perform Network... Read more »

Cryptographic Weakness: No Trust Without Security

Are You Talking To Me? I had a conversation with a client recently. We’d just conducted a penetration test for his organisation and a number of cryptographic weakness findings had come up. “These issues aren’t normally significant” he said. “Why are we failing now, when we were okay before?”. A fair question, and one that deserves an answer. Here’s… Read more »

Security News Roundup: Chinese Take-away

The biggest story this week. Chinese military unit behind ‘prolific and sustained hacking’ says security report. A highly-skilled team of intelligence gatherers working systematically to steal confidential information from organisations around the globe? Shocking stuff – we can’t imagine for a moment that our government is doing the same thing. But things move fast in the murky… Read more »

Taming The BEAST

This is a follow-up post to our previous article on the subject. Here we offer technical assistance to those of you trying to fix the BEAST vulnerability, and offer some mitigation practices. The problem revolves around a vulnerability identified years ago in TLSv1 and SSLv3 protocol CBC mode ciphers (the stronger ciphers). This issue was fixed in… Read more »

RSA SecurID Token Attack

You may recall reading in the press a while ago about an attack against RSA’s servers where confidential data concerning two-factor authentication keys was compromised. Originally, RSA seemed confident that this theft would not result in a realistic attack on the SecurID two-factor authentication system, but now it appears that at least one major client… Read more »