
Think Like a Hacker: How Could Your Mobile Apps Be Compromised?

When you provide mobile apps to customers, they’re expecting them to be secure. They’ve entrusted you with their sensitive data by using your product, and it’s up to you to protect that data. Businesses today must do everything possible to mitigate the advancing threats facing mobile apps, both internally and externally. How sure are you that your organization is doing this? In this webinar, KirkpatrickPrice expert penetration tester, Stuart Rorer, dives into the most common vulnerabilities found in mobile apps and discusses how penetration testing can help keep them secure.

The Pros and Cons of Mobile Applications

Like all technology, mobile applications have some wonderful benefits, but also have some security concerns that need to be addressed. The trick is to learn how to better secure the technology to thwart attacks before they occur. So, while mobile technology has made nearly everything in our lives more accessible and efficient, the cons of mobile technology should not be forgotten. For example, on the physical side of mobile technology, there are numerous risks: BYOD policies are challenging for IT teams because they’re difficult to secure and keep track of, devices can be stolen, and attackers can hack the devices remotely via Bluetooth. At the application level, mobile applications are vulnerable to common security issues like insecure communications, poor information storage, web attacks, revealed code, and tampering.

7 Proactive Steps for Protecting Your Mobile Apps

From malware attacks and backdoor threats to problems with surveillance, mobile apps will continue to be one of the most targeted attack vectors in 2020. We believe that following these seven steps will help you thwart these security issues and protect your mobile apps.

  1. Stay abreast of the latest security news.
  2. Invest in secure coding and practices for development teams.
  3. Invest in routine – not just annual – penetration testing on mobile applications.
  4. Use code obfuscators to better secure code from decompilation.
  5. Stay on top of the OWASP Top Ten and use their resources to better understand security issues.
  6. Do not trust the device to protect your files.
  7. Always use secure communications to transmit information.

How sure are you that you have found all of the vulnerabilities in your mobile apps? Could there be more you’re unaware of? Watch the full webinar now to learn about common vulnerabilities in mobile apps or let’s talk about how our mobile application penetration testing services can benefit you.

Think Like a Hacker: Common Vulnerabilities Found in Wireless Pen Tests

From hand-held wireless devices to wireless networks, your organization probably depends on the convenience and accessibility of wireless devices to conduct business – but wireless devices are just as likely as any other technology to be compromised by hackers. Do you know what vulnerabilities your wireless devices, applications, and networks are up against? In this short webinar, KirkpatrickPrice expert pen tester, Mark Manousogianis, discusses the most common vulnerabilities found in wireless applications and how pen testing can keep them secure.

Common Ways Wireless Devices, Applications, and Networks are Exploited

Wireless devices were intended to make everyday life easier, but the vulnerabilities that persist within wireless devices, applications, and networks make using such tools risky. Knowing the common ways wireless devices, applications, and networks are exploited, though, can give you the head start you need to prepare against advancing threats. When introducing any wireless device, application, or network to your environment, be wary of the following:

  • Default SSIDs and passwords
  • Access point where tampering can occur
  • Out-of-date firmware
  • Vulnerable Wired Equivalent Privacy (WEP) protocols
  • WPA2 KRACK vulnerability
  • WPS attacks
  • Rogue access points
  • Evil twins
  • Man-in-the-Middle attacks

Securing Wireless Technologies with Penetration Testing

There are many ways for malicious hackers to compromise wireless environments and the people who use them. Organizations would be wise to use strong protocols, implement and enforce strong password best practices, keep firmware updated, and educate users regularly on updates and vulnerabilities as baseline, proactive measures for securing wireless technologies. However, while these proactive steps can be used to secure your wireless devices, applications, and networks as much as possible, you will still never know how well they’ll stand against an attack until you’ve submitted them to penetration testing.

How sure are you that you have found all of the vulnerabilities in your wireless devices, applications, and networks? Could there be more you’re unaware of? Watch the full webinar now to learn about common vulnerabilities in wireless devices, applications, and networks or contact us today to speak to one of our Information Security Specialists about our wireless penetration testing services.

What Should You Really Be Penetration Testing?

Pen testing is a valuable investment for any organization – it’s a critical line of defense used to protect and secure your sensitive assets from malicious outsiders. But for organizations that have never undergone pen testing, or for those who have never even heard of penetration testing before, it’s understandable why you would have questions like: What is pen testing? What parts of my organization should be undergoing penetration testing? Who should I hire to perform my pen testing? In this webinar, KirkpatrickPrice’s President, Joseph Kirkpatrick, will answer these questions and more.

What is Penetration Testing?

Penetration testing is a form of permission-based ethical hacking in which a tester attempts to gain access to an organization’s people, systems, or locations. The purpose of pen testing is to find vulnerabilities that could potentially be exploited by a malicious hacker as part of your ongoing risk management practices. However, oftentimes, either out of ignorance or deceit, we see firms pass off vulnerability scans as penetration testing. Let’s be clear: vulnerability scans are not penetration tests. Vulnerability scans are great for discovering low-hanging fruit, but they should not be confused with an advanced, manual penetration test. Vulnerability scanners are only capable of matching patterns and definitions and are unable to find flaws that require human logic and comprehension. This is why investing in penetration testing, in conjunction with running vulnerability scans, is necessary.

What Should You Be Penetration Testing?

In order to know what your organization needs to pen test, you need to identify which assets in your organization are susceptible to cyberattacks and the financial, reputational, and legal implications if those assets were to be compromised. Assets that your organization should consider pen testing might include:

  • Call Center
  • People
  • Records Facility
  • Internet of Things
  • Corporate Office
  • Data Center
  • Wireless Connections
  • Externally Facing Applications
  • Internally Facing Applications
  • Mobile Applications
  • Computers

Ultimately, your organization should be penetration testing any asset that you want to make stronger. If you’re ready to embark on your pen testing journey, download the full webinar to learn more or contact us today to speak to an Information Security Specialist.

Executive Insight into the Importance of Penetration Testing

You’ve seen hacking portrayed in Hollywood films, but have you seen how hackers can be an ally in your fight for security? Ethical hacking plays a key role in identifying what malicious outsiders are planning against your organization’s sensitive assets. If you’ve been wondering about the trends in penetration testing and how other organizations utilize these tests to creatively improve security, download this full webinar to hear from KirkpatrickPrice’s President, Joseph Kirkpatrick, as he discusses creative approaches to penetration testing, how executives use penetration testing to evaluate security effectiveness, and how to overcome fears and misconceptions about penetration testing.

Getting the Most Out of Your Penetration Test

When organizations invest in penetration testing, they’re likely looking for a quality, thorough third party who is able to uncover vulnerabilities that their teams can’t or wouldn’t find and provide remediation strategies and guidance to improve security. In order to do so, though, penetration testers must go beyond routine approaches to ethical hacking, like walkthroughs and merely passing reports and presentations to committees, and instead employ creative methods, like advanced social engineering methodologies used by KirkpatrickPrice penetration testers.

For example, when KirkpatrickPrice penetration testers begin an engagement, they’ll be sure to do their due diligence when it comes to reconnaissance. Our pen testers will simulate real-life hacks by:

  • Using online research via the Dark Web
  • Entering a physical location using methods like tailgating or copying badges
  • Using pretext calling
  • Using spear-phishing

By employing such creative means to test an organization’s security, executives will gain a greater holistic insight into the security of their organization, and they’ll be better prepared and empowered to make decisions about improving the organization’s security hygiene.

Do you want to make sure your organization is getting the most out of your penetration testing results? Are you ready to learn how executives can use the findings of a penetration test to better improve organizational security hygiene? Download the full webinar now or contact us today to speak to an Information Security Specialist.

Think Like a Hacker: Common Vulnerabilities Found in Web Applications

According to the 2019 Verizon DBIR, web applications are a top vector in data breaches. But is your organization doing anything to mitigate this threat? Are you educated on what vulnerabilities web apps like yours are facing? In the first installment of our “Think Like a Hacker” webinar series, one of our expert penetration testers, Stuart Rorer, dives into the most common vulnerabilities found in web applications during penetration tests. If you’re interested in learning about common ways your web applications may be compromised by a malicious hacker, remediation tactics for mitigating threats facing your web apps, and how to continue to stay abreast of cyber threats with KirkpatrickPrice’s pen testing services, watch the full webinar now.

Web Pages vs. Web Applications

When it comes to ensuring the security of a web app, there is one critical thing to keep in mind: web apps are not the same as web pages. Web pages are static, whereas web applications are dynamic and respond to user interaction. What does this mean? It means that web pages are simple: you view the page, and there is usually very little that can be attacked, aside from the underlying infrastructure. When there is added dynamic functionality, such as adding a search option, there is greater risk for a malicious attack because there’s a level of interaction with the underlying system. So, what common vulnerabilities are found when there’s added dynamic functionality? We’ll give you five.

5 Common Vulnerabilities Found in Web Applications

When looking at the vulnerabilities found in web applications, it’s important to realize that all web applications are different: there are different frameworks, components, libraries, and services. Considering this, when undergoing a web application penetration test, there could be a number of vulnerabilities found, but the five we most commonly see at KirkpatrickPrice are:

  1. Misconfiguration
  2. Vulnerable third-party libraries and components
  3. Authorization issues
  4. Redirection issues
  5. Injections

Your organization’s web apps are only as strong as your latest penetration test. Have you found all of the vulnerabilities in your web applications? Could there be more you’re unaware of? Watch the full webinar now to learn about five common vulnerabilities or contact us today to speak to one of our Information Security Specialists about our web application penetration testing services.