Penetration Testing Archive
Red team cyber security assessments are a crucial way of giving organisations a practical understanding of their defence capabilities. In these exercises, the red team faces off against their counterparts, the blue team, in a battle to control a particular …
API security is an undervalued but crucial aspect of information security. Cyber attacks often target APIs and web applications. To remain secure, organisations must test their systems to find and eliminate any weaknesses. Organisations can achieve this with API penetration …
Stock up on sprouts, hang the decorations and prepare for a barrage of cyber attacks, because the Christmas season is in full swing. December is a busy time for cyber criminals, as they look to take advantage of understaffed IT …
With 3.4 billion malicious emails sent every day, phishing poses a massive risk to organisations of all sizes. However, the threat doesn’t just come from the volume of scams, but also from their idiosyncrasy. The measures you put in place to protect …
More than 50 universities in the UK have had their lack of cyber defences exposed, with security testers breaching their systems in under two hours. The tests were conducted by Jisc, the agency that provides Internet services to the UK’s …
British Airways has released no technical details on how attackers managed to get 380,000 people’s personal information – including payment card numbers – from their systems. I’ve done some reading, though, and wanted to share my thoughts – and those …
Over the past month or so, we’ve been discussing the threats associated with payment card breaches, and why it’s important to comply with the PCI DSS (Payment Card Industry Data Security Standard). In this week’s blog, we examine some recent …
Too often, organisations rely on vulnerability scans to identify weaknesses in their organisation. They are told that vulnerability scanning is as good as penetration testing and that it will be enough to meet the compliance requirements of the PCI DSS …
Most people generally understand what happens after a data breach: the crooks use or sell the information to make a quick profit, and organisations must spend money recovering from the incident and paying legal fees and penalties. But that’s only …
In this blog, we look at the ongoing threat of debit and credit card fraud, explaining why it appeals to cyber criminals, what they do with the stolen information and how implementing the requirements of the PCI DSS (Payment Card …