Are you looking about getting a penetration test done, but you're not sure what kind of test to get. If you are an IT consulting company, you must have heard about black-box, grey-box, and white-box testing. The following are some of the most common questions asked when it comes to selecting the type of testing: Consider the advantages and disadvantages of black box, grey box, and white box testing.

When a system is breached, compromised or exploited, the attackers never stop after getting the initial access because it doesn’t give them privileged access. And the same thing goes in an offensive security assessment, i.e. infrastructure penetration testing or a red team assessment.

Penetration tests, also known as pen tests, offer significant security benefits to your business. But, before we dive into what they do, let’s take a moment to understand what they are.

You’ve built an awesome business — it is booming and making money. You’ve streamlined all the processes and operations. Business is good. But, when you build something great, it attracts cyber criminals. Your business is valuable to you and cybercriminals can leverage it. That’s why security is important. You can use different security approaches to secure your application, infrastructure and network. In this post we’ll focus on one such approach: penetration testing.

Running penetration tests of a mature web application is always a great challenge. Systems are usually well hardened, and scanners fall short of flagging anything interesting, requiring an experienced security engineer to identify vulnerabilities using advanced exploitation methods. On the other side, some applications are going for their first release ever or release after a major code change.

This blog describes the attack path we have uncovered during a recent penetration test of a web application, coupled with a back-end infrastructure assessment. Throughout we introduce different attack techniques and tools that can be used to attack the underlying infrastructure and APIs of a web application.

Drawing on over three decades’ experience in penetration testing for global organisations of all sizes, this webinar outlines some of the most common attack methods in use today and shares effective approaches for tackling them. The session on will detail the most effective security controls to prevent and mitigate common types of cyber-attacks.

But if your organisation hasn’t commissioned a pen test before, you might be wondering what’s actually involved. Read on to learn about the key penetration testing steps we follow.

Included by Gartner in 2021 as a major cybersecurity category and an emerging product, the External Attack Surface Management (EASM) term might be new. Still, the idea behind it is nothing new: identifying risks coming from internet-facing assets that an organization may be unaware of. A few companies, including Detectify, have been highlighting the importance of the attack surface and understanding the potential risks of the constantly-changing environment.