Posts

Showing posts from 2022

Difference Between a Penetration Test and Vulnerability Assessment - Part 2

What is the Difference Between a Penetration Test and Vulnerability Assessment? Part 2 of 2

Comparing Penetration Tests and Vulnerability Assessments

In part 1 of this post, we focused on Vulnerability Scans, Vulnerability Assessments, and Vulnerability Management in order to differentiate the 3 prior to digging into Penetration Tests. Now, let’s introduce and define Penetration Tests, explain the test itself and its goals, then go through the different types of Penetration Tests.

What is a Penetration Test?

A penetration test, or pen test, is the process an ethical hacker conducts on a target and the IT environment to uncover vulnerabilities by exploiting them. The goal is to gain unauthorized access through exploitation which can be used to emulate the intent of a malicious hacker. Penetration test reports may also assess potential impacts on the organization and suggest countermeasures to reduce ri

Difference Between a Penetration Test and Vulnerability Assessment - Part 1

What is the Difference Between a Penetration Test and Vulnerability Assessment? Part 1 of 2

Comparing Penetration Tests and Vulnerability Assessments

The staff here at SecureOps is consistently asked about the purpose of, and the differences between, vulnerability scans, vulnerability assessments and penetration tests – including all the variations of both, such as red teaming, capture the flag exercises, bug bounty programs and more. Our goal in this blog post is to work from a high level, explaining the general differences between ways of identifying vulnerabilities, down to a more detailed level, and ultimately walk through what the services are from an execution perspective and what benefits they offer an organization in terms of improving security. Let’s start by answering the broad question first and dig deeper from the explanation that we use here at SecureOps.

Vulnerability scans search systems for known vulnerabilities u

Is Web App Penetration Testing Worth the Price?

The Fundamentals of Web App Penetration Testing

A couple of blog posts ago we went through the fundamentals of Web Application Penetration Testing. We suggested that a web application penetration test is an assessment of the security of the code and the use of software and libraries on which the application runs. Pen testers are security professionals who search for vulnerabilities in web apps such as injection vulnerabilities, broken authentication, broken authorization, and incorrect error handling.

In this blog post, we will discuss the pricing and overall economics of conducting web app penetration tests. First, as a note, from a broad perspective, a penetration test is an authorized simulated cyber-attack on a computer system or application, performed to assess the strengths and weaknesses of the system or application from the perspective of a criminal, hacker, insider threat, and so on. One thing to remember is that a penetration test is a po

The Uber Breach 2022. What Happened in the Uber Breach?

Uber recently notified authorities that it suffered a “cybersecurity incident.” Meanwhile, the hacker behind the incident has publicly shared some startling details with news outlets, and also let Uber employees know of the attack, using their own corporate Slack.

Uber's security and privacy woes started in 2011 with reports of parties treating guests to Uber’s “God View”. Apparently there were two versions of the “God View”: the anonymized version, which was OK, and the “Creepy Stalker version”, showing the whereabouts and movements of specific Uber users in real time. Entrepreneur Peter Sims was featured in the creepy version, found out, was upset about it, and wrote a Medium post (Can We Trust Uber?) which went viral. The news reports eventually gave way to regulatory investigations.

Then came the breaches. Two breaches, to be precise. The first breach occurred in or about May 2014 when an intruder gained access to personal information about Uber drivers. Uber suffered a secon