
More Than The Sum of its Parts: Combining EASM and Pentesting

In late April 2025, SAP released an emergency patch for a critical vulnerability in SAP NetWeaver, sending security teams across Europe scrambling to assess their exposure. The flaw, CVE-2025-31324, was rated critically severe, and the details that followed made clear why. Media reports quickly revealed the full scope. SAP NetWeaver Visual Composer allowed unauthenticated malicious file uploads through a specific HTTP API endpoint (/developmentserver/metadatauploader).

Automotive Pen Testing Is Different in 2026

Automotive pen testing used to be very much an extra service. An OEM or manufacturer might test a vehicle in a very broad way, i.e. perhaps doing a general scan for known vulnerabilities. Today, however, a modern vehicle runs tens of millions of lines of code across dozens of electronic control units, exposes attack surfaces over CAN, Ethernet, Bluetooth, Wi-Fi, cellular and UWB, ships with companion mobile apps and dealer tools, and connects to OEM cloud platforms that handle telematics, OTA updates and V2X services.

What is AI penetration testing?

As organisations continue integrating AI capabilities into customer-facing applications, internal tooling, and operational workflows, the security implications of these systems are becoming increasingly important. Large Language Models (LLMs), AI assistants, and automated decision-making features are now appearing across SaaS platforms, support systems, and enterprise applications, often connected directly to sensitive data and business processes.

Penetration testing vs vulnerability assessment: What's the difference?

Understanding the difference between penetration testing and vulnerability assessment is an important part of building an effective security programme. While the terms are often used interchangeably, they serve distinct purposes and provide different types of insight into an organisation’s risk profile. For technology-led organisations, particularly those operating complex SaaS platforms or cloud environments, both approaches have a role to play.

Remote Penetration Testing in 2026: A CTO & CISO Guide

Your presence here, reading this, suggests that something is nagging at you. Maybe it’s the Ivanti headline you saw last week or the fact that half your engineering team works from cafés, co-working spaces, and home offices you’ve never set foot in. Maybe it’s the audit coming up and that one checklist item about remote access controls you’ve been putting off. No, you’re not being paranoid. We have numbers that justify your burgeoning anxiety.

Step-by-Step: How to Set Up a Homelab for Penetration Testing at Home

Cybersecurity is more important than ever. One of the key components of cybersecurity is penetration testing, which involves intentionally attempting to exploit a system to identify vulnerabilities. It is commonly known as ‘ethical hacking’. Penetration testing, or pen testing, requires strong hands-on skills. Setting up a homelab is an effective way to gain practical experience in a safe, controlled environment.

Autonomous Pentesting: How it Works, Benefits, Tools (2026)

For years, the defensive side held the asymmetric advantage over threat actors. Writing exploits required a deep understanding of how memory corruption works, how authentication tokens can be forged, etc. That knowledge gap is what made it hard to exploit a vulnerability. LLM proliferation lowered that floor and quickly removed that advantage. Even script kiddies can now carry out APT-like cyberattacks without understanding the PoC.

What Is Red Team Penetration Testing?

Red Team Penetration Testing is a simulated cyberattack that mimics real-world threat behavior to identify vulnerabilities, test defenses, and evaluate how effectively an organization can detect and respond to an attack. It goes beyond traditional testing by focusing on how an attacker would actually move through an environment.