Joff Thyer // Picture a scenario whereby you are involved in an internal network penetration test. Perhaps you have succeeded with a spear-phishing campaign and landed on an internal system, […]
Carrie Roberts // In information security, what is the difference between a vulnerability assessment and a penetration test? A penetration test is a vulnerability assessment with the addition of exploitation […]
Brian Fehrman // External and Internal vulnerability scans are often part of any penetration test. Automated scanning tools, however, can’t always find the “good stuff.” Many times, some of the […]
Carrie Roberts // *Guest Blog It is important to ensure that your external mail servers are properly configured to not support open relaying of mail. An open mail relay can […]
Brian B. King // If working with several customers at once, or in succession, it would be easy to lose track of whose data you’re looking at, or to include […]
Carrie Roberts & Brian King // We were recently testing a web application that used ASP.NET cookieless sessions. This meant that the session token was part of the URL as […]
