How to Milk a Pentest for Everything It’s Worth
There are two kinds of penetration tests. The first is a piece of theater. You pay a vendor, they run an automated scanner,…
From Data Breach to Physical Harm: The Rise of “Violence-as-a-Service”
“Violence-as-a-Service” is no longer a plot for a thriller. It’s a documented, growing threat that security leaders must add to their risk models….
Uncovering Supply Chain Risks with Penetration Testing
When you build a modern web application, how much of the code did your team actually write? 50%? 20%? Less? And no, I’m…
What “Shifting Left” Means for Security (And Why We Were Stuck So Far to the Right)
In software, everything moves left to right. On the far left end, you’ve got planning and design, where ideas take shape and blueprints…
Case Study: The Emergency System That Needed an Emergency Fix
How a critical flaw in a third-party safety app was uncovered during a routine network penetration test, leading to a full administrative takeover….
Don’t Mistake Process for Competence in Penetration Testing
On a recent call, a prospect asked us, almost apologetically,“Umm… if we have a question about something in the pentest report, can we…
A CTO’s Guide to HITRUST Penetration Testing Requirements
If you’re a technical leader at an organization that handles sensitive health information (ePHI), the phrase “HITRUST certification” likely brings a mix of…
Will a Pentest Get Us Through SOC 2 CC7.1? A Guide for Engineering Leaders
Preparing for a SOC 2 audit can feel like navigating a maze, especially when your team is already sprinting through development cycles. For…
How Long Should a Penetration Test Take?
This week, I told a prospect that our penetration testing process takes about ten times longer than what another firm had quoted him….
Raxis vs. Asteros: What Changes When a Firm Gets Bigger
If someone recommended Raxis to you, that’s not a bad recommendation. They’re Atlanta-based, their testers hold real credentials, their reviews on Clutch are…
