newsletter

How to Price a Penetration Test

By |2020-04-24T15:12:59-04:00October 8th, 2013|

This video provides and overview of the two most common methodologies for pricing a penetration test. How Much Should You Spend On Penetration Testing Services The most common question asked is "how much will it cost for you to deliver a penetration test to us?". [...]

Comments Off on How to Price a Penetration Test

Whistleblower Series – The real problem with China isn’t China, its you.

By |2020-03-31T10:27:14-04:00June 10th, 2013|

Terms like China, APT and Zero-Day are synonymous with Fear, Uncertainty and Doubt (FUD).  The trouble is that, in our opinion anyway, these terms and respective news articles detract from the actual problem.  For example, in 2011 only 0.12% of compromises were attributed to zero-day exploitation [...]

Comments Off on Whistleblower Series – The real problem with China isn’t China, its you.

Whistleblower Series – Don’t be naive, take the time to read and understand the proposal.

By |2020-03-31T10:27:22-04:00May 16th, 2013|

In our last whistleblower article, we showed that the vast majority of Penetration Testing vendors don't actually sell Penetration Tests. We did this by deconstructing pricing methodologies and combining the results with common sense. We're about to do the same thing to the industry average Penetration [...]

Comments Off on Whistleblower Series – Don’t be naive, take the time to read and understand the proposal.

How to find a genuine Penetration Testing firm

By |2020-03-31T10:27:31-04:00May 3rd, 2013|

There's been a theme of dishonesty and thievery in the Penetration Testing industry for as long as we can remember.  Much in the same way that merchants sold "snake-oil" as a cure-all for what ails you, Penetration Testing vendors sell one type of service and brand [...]

Comments Off on How to find a genuine Penetration Testing firm

The 3 ways we owned you in 2012

By |2020-03-31T10:27:38-04:00February 12th, 2013|

Here are the top 3 risks that we leveraged to penetrate into our customers' networks in 2012. Each of these has been used to affect an irrecoverable infrastructure compromise during multiple engagements across a range of different customers. We flag a compromise "irrecoverable" when we've successfully taken administrative control [...]

Comments Off on The 3 ways we owned you in 2012