Articles about penetration testing

Showing that it is not just Windows 11 that has issues with updates, Offensive Security has issued a warning that Kali Linux updates are likely to fail “in the coming days”.

The Linux distro has proved an important tool in penetration testing, acting as a valuable security tool for many users. The team behind Kali Linux says that “pretty much every Kali system out there will fail to update”, and it bears full responsibility: “This is not only you, this is for everyone, and this is entirely our fault”. But there is a solution.

Continue reading →

The vast majority of IT professionals will agree that in cybersecurity, waiting for an attack to happen in order to expose weaknesses is a losing strategy.

As such, many will be well-clued up on the benefits of penetration testing; from demonstrating a commitment to protecting sensitive data and ensuring ongoing compliance with industry regulations, to gaining a clearer understanding of security gaps, and strengthening incident response readiness.

Continue reading →

Kali is a popular and powerful Linux distribution used by cybersecurity professionals around the world. Penetration testers must master Kali’s varied library of tools to be effective at their work. The Kali Linux Penetration Testing Bible is the hands-on and methodology guide for pentesting with Kali.

You’ll discover everything you need to know about the tools and techniques hackers use to gain access to systems like yours so you can erect reliable defenses for your virtual assets. Whether you’re new to the field or an established pentester, you’ll find what you need in this comprehensive guide.

Continue reading →

Penetration testing for enterprise security operationalizes the function of security testing for an organization's offensive security program.

Centralizing penetration testing into a core function of the enterprise can provide significant ROI; however, it also requires a new level of considerations, that when applied correctly, can significantly improve overall security outcomes.

Continue reading →

Cybersecurity teams are suffering from the economic squeeze with 63 percent of US security professionals having their department's budget cut in 2023 according to research from Pentest as a Service (PtaaS) company Cobalt.

Of those who encountered layoffs or budget cuts, almost all US (95 percent) and EMEA (84 percent) professionals say their role has changed. This has caused many in the US to feel burnt out (61 percent), more than those in EMEA (29 percent).

Continue reading →

A new survey of 300 CIOs, CISOs, and security executives from enterprises across Europe and the USA shows that 88 percent of organizations admit to being compromised by a cyber incident over the past two years.

The study from Pentera reveals that this is despite organizations having an average of almost 44 security solutions in place.

Continue reading →

A new survey of 300 organizations across the US and Europe looks at the key challenges concerning the ability to effectively prioritize and contextualize the large amounts of data organizations get from several cyber security alert systems, as well as identifying the actions needed to meet them.

The survey, conducted for Darktrace by IDC, finds evolving attack vectors make it difficult to prepare proactively, with only 31 percent of respondents highly confident that their tools can continuously adjust to new configurations.

Continue reading →

Thanks to improved security technology, most cyberattacks now rely on some element of social engineering in order to exploit the weakest link, the human.

Phillip Wylie, hacker in residence at CyCognito, believes CISOs now need to take a step back and focus on the overall picture when it comes to security. This includes securing internal and external attack surfaces, and testing the security of these environments, as well as educating employees about the risks.

Continue reading →

Pentest as a Service (PtaaS) company Cobalt is today launching Agile Pentesting, a new offering that provides more control and flexibility to better meet the needs of businesses through versatile, ad hoc testing.

Agile Pentesting allows organizations to identify and address vulnerabilities at a faster, more frequent rate to minimize risk. This contrasts with what Cobalt calls 'comprehensive pentesting', which is often done in support of business drivers like compliance or M&A activity, the new offering helps accelerate customers' DevOps journeys while aligning with their CI/CD pipelines.

Continue reading →

Application security is becoming mainstream, and that's a good thing as it means that security testing is becoming an embedded aspect of the software development life cycle (SDLC). It also means that automated security testing tools are becoming faster, more sophisticated, and better integrated, so they're less likely to slow down developers or burden them with too many trivial findings or false positives.

But as good and necessary as AppSec testing tools are, it's not nearly enough simply to buy them and run them -- you need to buy the right ones and configure them correctly so that they help build security into your SDLC without bogging it down. It's important to implement a security strategy and a plan. It’s also important to employ developers with the skills to build trust into your software -- a concept known as 'holistic AppSec'.

Continue reading →

Kali Linux is the most popular and advanced penetration testing Linux distribution within the cybersecurity industry. Using Kali Linux, a cybersecurity professional will be able to discover and exploit various vulnerabilities and perform advanced penetration testing on both enterprise wired and wireless networks.

The Ultimate Kali Linux Book -- Second Edition is a comprehensive guide for those who are new to Kali Linux and penetration testing that will have you up to speed in no time. Using real-world scenarios, you’ll understand how to set up a lab and explore core penetration testing concepts.

Continue reading →

In the past security has been something that was added only at the end of the development process. But as release cycles have accelerated this is no longer a viable approach.

DevSecOps (development, security and operations) is all about automating the integration of security at every phase of the software development lifecycle.

Continue reading →

Legitimate penetration testing tools like Cobalt Strike, Impacket and RMM, are being used by threat actors because it's more efficient to use existing tools that are proven to be successful than to create new software.

The latest Threat Detection Report from managed detection and response firm Red Canary shows Cobalt Strike in particular has never been more popular, impacting eight percent of its customers in 2021.

Continue reading →

Password manager company 1Password is increasing its top bug bounty reward to $1 million, making it the highest bounty in Bugcrowd history and one of the largest rewards in cybersecurity.

Since beginning the bug bounty program in 2017, 1Password has paid out $103,000 to Bugcrowd researchers, averaging $900 per reward. While all detected bugs have been minor, showing no threat to the secrecy of sensitive customer data, 1Password was able to resolve them quickly to reduce the risk of attacks.

Continue reading →

Over a quarter of businesses (28 percent) have critical vulnerabilities that could easily be exploited by cyberattack.

But even when these vulnerabilities are flagged by penetration testing, they are still being left unaddressed.

Continue reading →