Posts Categorized: Network Penetration Testing

So you want to be a Penetration Tester?

so you want to be a penetration tester

Over the past few months we have been speaking to people who want to join our team. To be a penetration tester. These include computer science and network security graduates, experienced application developers and systems administrators. Many of these people ask similar questions. How do I become a Penetration Tester? Should I sit certain exams… Read more »

Network Penetration Testing

Configure Your Networks Securely. Protect Confidential Data. Our penetration testing services are a vital tool to help understand where weaknesses lie. Is confidential data exposed? How open are your networks? Who has access to restricted areas? Let our team of experts help you remove weaknesses to improve the security of your networks. CREST Network &... Read more »

Cryptographic Weakness: No Trust Without Security

Are You Talking To Me? I had a conversation with a client recently. We’d just conducted a penetration test for his organisation and a number of cryptographic weakness findings had come up. “These issues aren’t normally significant” he said. “Why are we failing now, when we were okay before?”. A fair question, and one that deserves an answer. Here’s… Read more »

Security News Roundup: Chinese Take-away

The biggest story this week. Chinese military unit behind ‘prolific and sustained hacking’ says security report.  A highly-skilled team of intelligence gatherers working systematically to steal confidential information from organisations around the globe?  Shocking stuff – we can’t imagine for a moment that our government is doing the same thing. But things move fast in the murky… Read more »

Taming The BEAST

This is a follow-up post to our previous article on the subject. Here we offer technical assistance to those of you trying to fix the BEAST vulnerability, and offer some mitigation practices. The problem revolves around a vulnerability identified years ago in TLSv1 and SSLv3 protocol CBC mode ciphers (the stronger ciphers). This issue was fixed in… Read more »

RSA SecurID Token Attack

You may recall reading in the press a while ago about an attack against RSA’s servers where confidential data concerning two-factor authentication keys was compromised. Originally, RSA seemed confident that this theft would not result in a realistic attack on the SecurID two-factor authentication system, but now it appears that at least one major client… Read more »