Penetration Testing

In one of my previous roles, I had the great opportunity to travel around the world meeting customers to understand their challenges in vulnerability management.  The two biggest challenges they wanted solved were: Help me prioritize which of these vulnerabilities are most critical, and Help me close the loop with my patching solutions to remediate […]

(This post provides an overview of vulnerability assessment and penetration testing activities. For a deeper dive into advanced penetration testing techniques and the latest security research tune-in to Paul’s Security Weekly.) Over the decades, many have inaccurately described vulnerability assessments as penetration tests.  What is the difference between a vulnerability assessment and a penetration test?  […]

Enterprise News

InfoSec Insider caught up with Trustwave SpiderLabs Principal Security Consultant Matt Lorentzen, who discussed the open source pentesting tool and provided us with a demo.

This blog post is sponsored by DomainTools. For more information and product trials please visit https://securityweekly.com/domaintools.  Malicious or Not? The above question runs through the brains of SOC analysts across the world multiple times per day. When you are analyzing security events looking for the “bad” things, you often come across a domain that requires […]

This will probably be a contentious point for some, but there are situations where a penetration test isn’t the best use of an organization’s resources. Here, we examine what is (and isn't) a pentest, and what its goals should be depending on your organization's needs.

Conducting penetration testing via simulated attacks on your organization's network is the best way to help your business evaluate the strength of your network security protocols and identify any backdoors, weaknesses, and gaps between different security tools, and prioritize risk. This contributed article explains why.