Penetration Testing Archive
Security risks of home working and public Wi-Fi, tips to mitigate them, VPN insights, and more. Home-based teams? Flexible working? Staff often working on the go? Only a few years ago, most organisations never considered working from home as an …
What the Common Vulnerability Scoring System is, how to use it, limitations and alternatives, and key changes in CVSS v4.0. Our senior penetration tester Leon Teale has more than ten years’ experience performing penetration tests for clients in various industries …
Red team cyber security assessments are a crucial way of giving organisations a practical understanding of their defence capabilities. In these exercises, the red team faces off against their counterparts, the blue team, in a battle to control a particular …
API security is an undervalued but crucial aspect of information security. Cyber attacks often target APIs and web applications. To remain secure, organisations must test their systems to find and eliminate any weaknesses. Organisations can achieve this with API penetration …
Stock up on sprouts, hang the decorations and prepare for a barrage of cyber attacks, because the Christmas season is in full swing. December is a busy time for cyber criminals, as they look to take advantage of understaffed IT …
With 3.4 billion malicious emails sent every day, phishing poses a massive risk to organisations of all sizes. However, the threat doesn’t just come from the volume of scams, but their idiosyncrasy. The measures you put in place to protect …
More than 50 universities in the UK have had their lack of cyber defences exposed, with security testers breaching their systems in under two hours. The tests were conducted by Jisc, the agency that provides Internet services to the UK’s …
British Airways has released no technical details on how attackers managed to get 380,000 people’s personal information – including payment card numbers – from their systems. I’ve done some reading, though, and wanted to share my thoughts – and those …
Over the past month or so, we’ve been discussing the threats associated with payment card breaches, and why it’s important to comply with the PCI DSS (Payment Card Industry Data Security Standard). In this week’s blog, we examine some recent …
Too often, organisations rely on vulnerability scans to identify weaknesses in their organisation. They are told that vulnerability scanning is as good as penetration testing and that it will be enough to meet the compliance requirements of the PCI DSS …