The value of a pentest

Pentesting is a standard cybersecurity exercise. An analyst, starting with as little prior information about the target as possible, tries to find security vulnerabilities in it. The target is defined by a scope, which can be one or more web applications, mobile apps, IP ranges, or any other list of assets.

An analyst, or a team of analysts, executes the pentest following the same steps a real attacker would: gather information, map the attack surface, identify vulnerabilities, and exploit them.


Off the top of my head: About having everything green in Qualys

[Photo: a traffic light at green, by Carlos Alberto Gómez Iñiguez]

Vulnerability management is difficult. Many organizations aim to fix every security vulnerability they can identify: they want to run a scanner such as Qualys and have everything come up green. In my opinion, that is a good and ambitious objective, but as a strategy it can be counter-productive.
