security testing
ETSI completes set of IoT MQTT and CoAP testing standards
The ETSI committee on Methods for Testing and Specifications (TC MTS) has recently completed a first set of seven standards addressing the testing of the IoT MQTT and CoAP …
Most disaster recovery solutions are not tested on a regular basis
As organizations work diligently to support evolving business needs, while at the same time battling cybercrime and other threats to critical data, the majority of disaster …
Top security threats for power plants and how to proactively avoid them
Power plants are one of the most vitally important components of modern civilization’s infrastructure. A disruption in energy production impacts all aspects of society from …
Counterfit: Open-source tool for testing the security of AI systems
After developing a tool for testing the security of its own AI systems and assessing them for vulnerabilities, Microsoft has decided to open-source it to help organizations …
MindAPI makes API security research and testing easier
Security researcher David Sopas has published a new open-source project: MindAPI, a mind map with resources for making API security research easier. “I love mind maps. …
Product showcase: Pentest Robots
Security testing automation is not about building tech to replace humans. We don’t adhere to that limiting view because it fails to capture the complexity and depth of …
Addressing the lack of knowledge around pen testing
The vast majority of attackers are opportunist criminals looking for easy targets to maximize their profits. If defenses are sufficiently fortified, finding a way through will …
Application security: Getting it right, from the start
Security testing data is “the unsung hero” of securing application development. It’s the backbone of application development quality, compliance and risk management, and rests …
SecOps teams face challenges in understanding how security tools work
Security professionals are overconfident in their tools with 50% reporting that they have experienced a security breach because one or more of their security products was not …
The rise of continuous crowdsourced security testing for compliance
A large percentage of organizations and institutions are moving toward a rigorous, continuous testing model to ensure compliance, a Synack report reveals. As part of this …
CrackQ: Efficient password cracking for pentesters and red teamers
CrackQ employs automation to make password cracking a faster and more efficient undertaking for pentesters and red teamers. “Regular security testing is …
Most IT pros find red team exercises more effective than blue team testing
More than one-third of security professionals’ defensive blue teams fail to catch offensive red teams, a study from Exabeam reveals. The survey, conducted at Black Hat USA …