penetration testing

Pen-testing made easy with Datasploit social engineering toolset

Pen-testing made easy with Datasploit social engineering toolset

By

GUI friendly social-engineering toolset made available as open source software - great for penetration testing, not bad for criminals either.

Pen testers discover mega vulnerabilities in Uber

Pen testers discover mega vulnerabilities in Uber

By

Portuguese pen testing team discover 14 flaws in Uber apps which would have enabled them to get free rides and disclose details of passengers' and drivers' journeys.

SC Congress: "flakey kettles and dolls that swear at you"

SC Congress: "flakey kettles and dolls that swear at you"

By

Ken Munro, managing director of Pen Test Partners, showed the SC Congress just how easy it is to crack a whole range of IoT nonsense

Robin Who? Dridex botnet replaced with antivirus software

Robin Who? Dridex botnet replaced with antivirus software

By

A mysterious Good Samaritan has replaced the code on certain parts of the villanous Dridex botnet with Avira Anti-virus installers.

'High risk' for users of FRITZ!Box routers

By

A number of remote code execution bugs in several models of FRITZ!Box broadband routers could allow intruders to place phone calls through the device.

Testing, Testing - 4 simple IT security mistakes that leave a business vulnerable

Testing, Testing - 4 simple IT security mistakes that leave a business vulnerable

Luke Potter looks at four of the most basic security oversights identified during penetration testing

The concept of Red Teaming

The concept of Red Teaming

An holistic view of security is increasingly important, says Thomas Richards.

How your red team penetration testers can help improve your blue team

How your red team penetration testers can help improve your blue team

Red-team penetration testers can help train your security team to recognise common and not-so-common attack techniques, says Rowland Johnson.

London-specific threat-intelligence launching via Mayor's office initiative

London-specific threat-intelligence launching via Mayor's office initiative

By

London-specific threat intelligence is to be provided to businesses in the capital, possibly as early as next month, via an innovative independent body combining the police, government and the private sector, instigated by the Mayor's office.

Lies, damned lies and statistics

Lies, damned lies and statistics

Cyber-crime figures are a dime or dozen but are they really improving your security, asks Ken Munro.

The end of penetration testing in sight?

The end of penetration testing in sight?

With the attack surface, or perimeter, expanding exponentially, and attackers inside the network, the focus should now be on finding and stoping them - concentrating on how data leaves the system - says Chris Marrison.

Invite attacks to identify weaknesses

Invite attacks to identify weaknesses

Intelligence-led third party red-teaming testers can identify the blind spots that in-house teams thought they had covered suggests Simon Saunders.

How do you stop an Energetic Bear?

How do you stop an Energetic Bear?

Companies must think like a hacker and commit to penetration testing to protect themselves from data breaches, says Chema Alonso.

Why we need a tighter framework for social engineering penetration testing

Why we need a tighter framework for social engineering penetration testing

Protect against real-world threats and test the most likely scenarios using relevant models, including low-tech, says Gavin Watson.

Red Teaming in the real world

Red Teaming in the real world

By

Red teaming is a relatively new type of extended pen testing used to raise the security and governance bar in major corporates, most notably financial service organisations such as banks.

UK banks to get independent pen-testing?

UK banks to get independent pen-testing?

By

The UK's Bank of England (BoE) is reportedly planning to carry out a major pen-testing exercise in the Autumn.

B-Sides SF: 'Sexism can be security vulnerability'

B-Sides SF: 'Sexism can be security vulnerability'

By

Security researcher - and white hat hacker - Raven Alder addressed sexism in the InfoSec world at the B-Sides San Francisco event on Monday, and said - perhaps surprisingly - that it can help and hinder attackers and defenders in equal measure.

PCI compliance: The slow road to progress

PCI compliance: The slow road to progress

By

PCI DSS 3.0 may be on the horizon, but a new study suggests that companies are not only slow in updating, but also approaching compliance in the wrong way.

CNS Group launches educational PenTest Portal

By

CNS Group's information assurance division CNS Hut3 has launched a PenTest Portal to teach companies how to carry out basic penetration testing techniques on their own systems.

New Nmap

Nmap, the de facto standard network scanning tool for the security community, has just received a major update to version 5.<br /><br />The new version...

SC Webcasts UK

Sign up to our newsletters

FOLLOW US