How NIST SP 800-115 Informs Information Security Practices

by Sarah Harvey / December 15, 2022

What is NIST? The National Institute of Standards and Technology, or NIST, is an agency of the U.S. Department of Commerce whose mission is to promote innovation and industrial competitiveness by advancing measurement science, standards, and technology. NIST’s stated core competencies are measurement science, rigorous traceability, and the development and use of standards. These core competencies influence the reliability of the information produced by the…

Finding and Mitigating Your Vulnerabilities Through OWASP

by Sarah Harvey / December 15, 2022

What is OWASP? The Open Web Application Security Project, or OWASP, is an open, online community that provides free tools and documentation to anyone interested in improving insecure software and in developing, operating, and maintaining secure software. OWASP is a not-for-profit organization with no affiliation to any vendor, which is one reason its guidance is so widely relied upon as a methodology. OWASP’s core values are: open, innovation, global, and integrity. OWASP prides itself on being…

Pen Testing After a Significant Change

by Sarah Harvey / December 15, 2022

Penetration testing, or pen testing, is a proactive way for organizations to improve their security hygiene and assure their clients that the products and services they provide are as secure as possible. While many enterprises rely on internal audit teams to test the security of their networks, applications, and devices, undergoing third-party penetration testing is a reliable way to identify overlooked or unknown vulnerabilities, obtain remediation strategies and guidance, and…

Avoiding a Pen Testing Mishap: What Are You Really Paying For?

by Sarah Harvey / December 15, 2022

Last month, the Iowa Judicial Branch made an investment in their security efforts by partnering with an information security firm to perform penetration testing on their organization. But…it appears they signed up for more than they bargained for. Why? The two ethical hackers working the job were arrested after they successfully gained unauthorized access to a Dallas County courthouse. What went wrong? Why were these ethical hackers arrested? Could this…

What is Continuous Penetration Testing?

by Sarah Harvey / December 15, 2022

Why Do You Need Continuous Penetration Testing? Applications change. Systems change. Networks change. Employees change. Attackers change. What happens when you connect a new API, add a new server, or alter your environment in any way? A web application that was secure yesterday may not be after the next update. So, why wouldn’t you engage in continuous penetration testing? A standard penetration test is a snapshot of your security…