Skip to main content

Posts

Showing posts from October, 2022

Difference Between a Penetration Test and Vulnerability Assessment - Part 1

  The Difference Between a Penetration Test and Vulnerability Assessment - Part 1 What is the Difference Between a Penetration Test and Vulnerability Assessment? Part 1 of 2 Comparing Penetration Tests and Vulnerability Assessments The staff here at SecureOps is consistently asked the purpose and the differences between vulnerability scans, vulnerability assessments and penetration tests – including all the variations of both such as red teaming, capture the flag exercises, bug bounty programs and more. Our goal in this blog post is to work from a high level and explain the general differences between identifying vulnerabilities to a more detailed level and ultimately walk through what the services are from an execution perspective and what benefits they offer an organization in terms of improving security. Let’s start with answering the broad question first and dig deeper from the explanation that we use here at SecureOps. Vulnerability scans search systems for known vulnerabiliti...

Is Web App Penetration Testing Worth the Price?

Is Web App Penetration Testing Worth the Price? The Fundamentals of Web App Penetration Testing A couple of blog posts ago we went through the fundamentals of  Web Application Penetration Testing . We suggested that a web application penetration test is an assessment of the security of the code and the use of software and libraries on which the application runs. Pen testers are security professionals that will search for vulnerabilities in web apps such as: Injection vulnerabilities Broken authentication Broken authorization Incorrect error handling In this blog post, we will discuss the pricing and overall economics of conducting web app penetration tests. First, as a note, from a broad perspective, a penetration test is an authorized simulated cyber-attack on a computer system or application performed to assess the strengths and weaknesses of the systems or application from that of a criminal, hacker, insider threat, and so on. One thing to remember is that a penetration test is ...