Entries by Shearwater

What are the different types of penetration testing?

In this blog article, we describe the different types of penetration testing and various approaches (black, white and grey box) that make up the general range of strategies employed to conduct a penetration test. There are many different testing methodologies. They are generally categorised into: What are the different types of penetration testing? Networks (external, […]

What is the difference between vulnerability assessment and penetration testing?

There is often confusion around the role of a vulnerability assessment versus a penetration test. This is compounded by unscrupulous security vendors presenting (and pricing) a vulnerability assessment as a penetration test. Aside from poor ROI, this can give an organisation a false sense of security, when in fact they have only received a basic […]

Why should I complete penetration testing if I don’t need to be compliant?

For an organisation, not yet, impacted by cybercrime, penetration testing outside of compliance may seem like an additional, unwelcome expense. In the following blog article, we explain how penetration testing is good for (and may even save) your business. A Penetration Test (also known as ethical hacking) is an authorised hacking attempt, targeting all, or […]

How do you determine the scope of a penetration test?

Guidance on best practice scoping and the key pitfalls to avoid The objectives of penetration testing are to provide a level of assurance to match the risk profile (including any compliance requirements) for your organisation, whilst also providing a good ROI. How well your chosen penetration testing provider scopes your penetration test will determine the […]

How to Avoid Common Penetration Testing Pitfalls

Guidance for Penetration Testing Buyers There are many pitfalls and mistakes that organisations using, or considering using, penetration testing services can easily avoid. In the following blog article, we discuss ‘what not to do’ to ensure you receive the best penetration testing outcomes. There are many common penetration testing pitfalls and mistakes that you can […]

December 2018 Security Report | Shearwater Solutions

Featured this month: Exposed Remote Desktop connections create a soft target for attackers, email distribution platforms are increasingly being hijacked to facilitate mass phishing campaigns, several Self Encrypting Drives have multiple vulnerabilities, a VirtualBox Zero Day vulnerability, breaches that caused inconvenience for Dell, created danger and disruption for an Ohio hospital and exposed over 500,000 […]