Top Mistakes CISOs Make When it Comes to Penetration Testing
In this blog, we are going to look into a few of the top mistakes CISOs make when it comes to penetration testing and how your organization can avoid them.
What are DNS Zone Transfers? DNS zone transfers. As ancient as the vulnerability may seem, it is imperative for cybersecurity professionals to maintain a vigilant watch for this simple yet compromising weakness in their systems. To be sure, most organizations have taken the necessary steps to mitigate zone transfers to unknown hosts since the 1990s. […]
In today’s blog, we are going to discuss three potential show stoppers for a QSA On-site Assessment. These all come from recent conversations with potential clients, and all three would have resulted in a failing Report on Compliance (RoC). So as a result, we thought a blog discussing what those are and what to do […]
As many of you are most likely aware by this point, two Coalfire employees are facing criminal trespassing charges in Iowa. The two employees were conducting a physical penetration test against a judicial branch building and the Dallas County courthouse. As part of their assessment, they gained access to the courthouse and intentionally tripped […]
As with every type of penetration test we perform, our engineers are experienced and know how to balance the goal of giving you a realistic view of your vulnerabilities with the need to avoid business disruptions. However, just like other types of tests, as good as we may be, there can occasionally be problems that […]
When working with a customer who hasn’t had regular penetration testing before, one of their primary concerns is usually “will a penetration test disrupt my business?” They may be required to get a penetration test completed in order to meet a compliance requirement, because a larger organization is asking them to, or simply because they […]
Before we start any engagement, we like to go over a document that lists all of the Rules of Engagement (ROE) for the upcoming penetration test. We cover things like making sure you have approval from your cloud provider, when status updates will be sent to the client, and how time sensitive and critical issues […]
The push for GDPR compliance has generated a lot of good questions. Is there a certification that organizations can get to demonstrate their compliance with GDPR? If not, how is my business supposed to show that we are compliant when people ask us? The bottom line is that there is no GDPR certification. At least […]
About 95% of the time, penetration tests are completed without any issues occurring. An experienced penetration tester will have conducted hundreds of assessments on a myriad of networks, and will know the common pitfalls to avoid. A skilled tester will work diligently to evaluate the risk to your network, while protecting your systems and keeping […]