Asteros Blog
How Long Should a Penetration Test Take?
This week, I told a prospect that our penetration testing process takes about ten times longer than what another firm had quoted him….
Raxis vs. Asteros: What Changes When a Firm Gets Bigger
If someone recommended Raxis to you, that’s not a bad recommendation. They’re Atlanta-based, their testers hold real credentials, their reviews on Clutch are…
Penetration Testing is Stuck in 2010. Here’s How to Move On.
Today I stumbled across a companion blog post for a talk from BSIDES Atlanta 2010. A talk I was actually in the audience…
What Terence Tao’s Red Team Analogy Gets Right About Security
Terence Tao, often called the greatest living mathematician, recently wrote about the nature of red and blue teams — builders and breakers. Their…
How Pentest Vendors Hide Bad Work Behind Process
Most companies think buying a penetration test means getting real security insights. But too often, all you get is a PDF and a…
Auditors and CTOs Call Out Fake Pentests
Many SOC 2 “penetration tests” aren’t actually penetration tests — and real auditors, CISOs, and engineers are calling it out. In this video,…
Don’t Rewrite Your SOC 2 Controls — Get an Emergency Pentest and Finish Strong
So you’re halfway through your SOC 2 audit, and someone just asked, “Wait, where’s the penetration test report?” Panic sets in. Maybe you…
How to Milk a Penetration Test for Everything It’s Worth
Penetration testing takes time. It costs money. So if you’re doing it — you should milk it for everything it’s worth. In this…
“Vibe Hacking” and the Rise of the AI-Augmented Attacker
Zach wrote an article on HackerNoon about how generative AI is changing the game for both attackers and defenders. It looks at how…
What to Do If You Fail a Penetration Test
Failed your pentest? You’re not alone — and it’s not the end of the world. Maybe the report came back with critical issues…