Penetration Testing

DAST Vs. Penetration Testing: Comprehensive Guide to Application Security Testing

For roughly two decades, web applications have been the backbone of many businesses, making their security paramount. Dynamic Application Security Testing (DAST) and penetration testing are crucial for identifying and mitigating security vulnerabilities in web applications. While both aim to enhance application security, they differ significantly in their approach, execution, and outcomes.

The Importance of AI Penetration Testing

Penetration Testing, often known as "pen testing," plays a pivotal role in assessing the security posture of any digital environment. It's a simulated cyber attack where security teams utilise a series of attack techniques to identify and exploit vulnerabilities within systems, applications, and an organisation’s infrastructure. This form of testing is crucial because it evaluates the effectiveness of the organisation's defensive mechanisms against unauthorized access and malicious actors.

Operational Technology Penetration Testing & The Importance of OG86

In the realm of industry and infrastructure, Operational Technology (OT) refers to hardware and software systems designed to monitor and control physical devices. OT is a cornerstone in managing and automating essential services in a variety of sectors including utilities, manufacturing, and transportation. Key elements of OT include Industrial Control Systems (ICS) and Industrial Automation, which support critical infrastructure operations.

Understanding TLPT: A Comprehensive Guide to Threat-Led Penetration Testing

Imagine your financial data behind a seemingly impenetrable wall, but in reality, it's akin to a fortress with invisible cracks. That is a world without Threat-Led Penetration Testing (TLPT). As cyber threats become more nuanced and lethal, TLPT stands as a specialised sentinel in the arsenal of financial institutions, safeguarding sensitive assets through the simulation of real-world attacks.

Learn about ISO 27001 Penetration Testing and its requirements

ISO 27001, the internationally recognised standard for information security management systems (ISMS), provides a framework for organisations to protect their valuable information assets. Penetration testing is crucial in preventing data breaches and maintaining the business’s reputation. ISO 27001 strongly recommends it as a critical tool for assessing an organisation’s security posture and ensuring compliance with control A.12.6.1, which focuses on managing technical vulnerabilities.

Tech Talk: Abusing ESC13 from Linux

This is a Bulletproof Tech Talk article: research from our penetration testing team covering issues, news, and tech that interests them. It’s more technical and in-depth than our usual blog content, but no less interesting. In the complex landscape of Active Directory, ensuring secure and appropriate access is a constant challenge. Recently, another "ESC" technique has been released, known as ESC13.

Automated Penetration Testing: An Overview

Automated penetration testing, or automated pen testing, is a type of security assessment that uses specialist tools to uncover vulnerabilities. Although it can serve as part of a cohesive security strategy, it also presents some challenges. In this article, we outline the pros and cons of automated pen testing and compare it with manual pen testing.