Behind the Firewall ft. Randy Bartels

by Morgan Prost / May 22, 2026

Don't just secure your code, secure the systems that build it. VP of Security Services, Randy Bartels, has seen a major shift in how teams manage their CI/CD pipelines. Jenkins, CircleCI, and other tools are being replaced by GitHub Actions at a rapid pace, but with that shift comes a new layer of responsibility: securing the runners—the Docker containers that execute the workflows and produce the artifacts used in production.In…

Behind the Firewall ft. Suzette Corley

by Morgan Prost / May 22, 2026

A breach notification policy doesn't have to be complex, but it does have to exist. During a recent privacy audit, one of our auditors, Suzette Corley, asked a simple question: “What’s your breach notification process?” The answer? Silence. Followed by: “We’d figure it out if something happened.” That’s more common than you think. Many companies assume they’ll improvise when a breach occurs. But when the clock starts ticking, improvisation becomes…

Behind the Firewall ft. Stu Skove

by Morgan Prost / May 21, 2026

Sometimes the biggest threats are the ones you can't see. During a recent penetration test, Stu Skove uncovered a vulnerability that shows how a single unsanitized parameter can collapse the line between app security and full infrastructure compromise. At first glance, the app looked solid—no obvious issues. But deep in a file download workflow, two parameters were passing user input straight to the OS. The danger? It was blind. No errors,…

Behind the Firewall ft. Brian Lowe

by Morgan Prost / May 21, 2026

Don't just trust the tools. Sometimes, the best finds come from slowing down and asking, “what’s really happening here?” While reviewing how a web application responded to user input, KP’s Senior Penetration Tester, Brian Lowe, noticed something subtle… but it was just enough to warrant a closer look. Instead of relying only on automated tools, he crafted a custom payload by hand.  That extra step revealed a cross-site scripting (XSS) vulnerability…

Behind the Firewall ft. Mark Dube

by Morgan Prost / May 21, 2026

In the worst-case scenario, if any user within the organization were compromised, all of this sensitive information could be leaked externally. During a recent internal penetration test, Mark uncovered a critical security gap that the client was completely unaware of. While performing network enumeration using a custom file share enumeration tool, he discovered several SMB shares that were accessible to all users without any restrictions. These shares contained over 30,000 files, the…