Other content in this Stream
The Intricacies in Pen Test Timing
Schellman Principal, Matt Wilgus addresses one of the biggest challenges frequently seen in planning penetration tests—timing
Burp Suite Certified Practitioner: Exam Review
Considering Portswigger's new Burp Suite Certified Practitioner certification? Read a senior pen tester's experience to understand what to expect.
Analyzing macOS on Apple M1 Silicon: A Pen Tester’s Take on Mac Security
Using MacOS within your corporate environment? Our team tested the latest Apple M1 Silicon - here are our security findings regarding vulnerabilities Mac users face.
How to Catch Mobile Traffic Escaping Burp
Testing a mobile application and frustrated watching some traffic slip away from your settings? Learn about a technique that can help stop that from happening so you can capture everything every time.
How to Write a Burp Suite Extension
Working with Burp and finding that you need a workaround? Learn how to build your own extension and potentially solve your problem.
Using Mind Maps in Application Security Testing
Making AppSec penetration testing assessments more streamlined through application mapping
OSEP and PEN-300 Course Review
For those interested in OSEP certification, Schellman Penetration Tester, Wes Dorman provides an overview of the recently released PEN-300 course Overview Offensive Security has released se
Schellman is Now a PCI ASV
Schellman expands services and becomes Payment Card Industry (PCI) Approved Scanning Vendor (ASV)
Deterring Attackers with Low Effort in Active Directory
Schellman Penetration Tester Wes Dorman shares techniques for slowing down an adversary's attacks with active directory hardening
CSO and Pen Tester: A Perspective From Both Sides
Schellman's John Bullinger shares his experiences and best practices for conducting penetration testing from both sides of the coin: as that of a CSO and as a penetration tester.
OSWE Review and Exam Preparation Guide
For seasoned penetration testers who want to become a true web app exploit guru, OSWE certification delivers. Schellman's Nathan Rague provides an exam guide to help aspiring candidates prepare.
Port Scanning: Slow is Smooth and Smooth is Fast
For any penetration testing engagement, internet-facing services are an important part, and there are multiple ways to obtain information before determining if they are vulnerable to exploitation.
5 Common Pitfalls when Pursuing FedRAMP Authorization
What are the common reasons CSPs fail to achieve a FedRAMP Authority to Operate ATO in a timely manner?
Preparing for an API Penetration Test
Many organizations provide Application Program Interfaces (APIs) to allow their clients and business partners to enter and retrieve data. We primarily see REST based APIs, but also GraphQL and SOAP.
Transitioning into a Penetration Testing Role
This has been the most rewarding and engaging work and continues to be my dream job, and yet, the transition from full-stack web application developer to penetration tester was daunting.
A Spooky Tale of Cybersecurity
When it comes to cybersecurity, it’s the things we don’t know that can be the scariest.
39:44Cloud Apps - Penetration Testing for Providers and Customers
Please, join Matt Wilgus and Josh Tomkiel from Schellman's Threat and Vulnerability Assessment team, as they cover the ins and outs of performing a penetration test of cloud based services.
EC-Council Brings A New Range Of Real World Challenges
EC-Council brings a new range of real world challenges that will not only test your Pen-testing skills but guarantees you an experience that is not built for the weak hearted.
Clarifying the FedRAMP Penetration Test Requirements
As a Third Party Assessment Organization (3PAO), Schellman regularly conducts FedRAMP assessments for Cloud Service Providers (CSPs). Included during these assessments is a penetration...