
Blogs

  • BOFRyptor: Encrypting Your Beacon During BOF Execution to Avoid Memory Scanners

    While the sleep mask kit is doing a great job at encrypting the beacon at rest, the beacon resides unencrypted in memory during the execution of BOFs. This leads to detection if a memory scan is performed during the execution of the BOF. To overcome this, we encrypt the beacon memory and configuration block at the...

  • Pentesting and third-party developers

    What if your external developer won’t let you share the code of an application with us for a pentest, even though the application was made specifically for you? This is problematic because it forces you to accept a less effective test of your application: one in which we cannot look at the code while we carry out the...

  • What is the best type of test for your scenario?

    You may want a pentest for a variety of reasons: in this blog we will discuss four common reasons for pentests of (web) applications or hardware and I will give you tips.
    Above all: understand what your own reason is and communicate this with your pentest provider. It will improve your pentest experience, I promise!...

  • Why not share your code for a penetration test?

    If you ask us to carry out a penetration test (pentest) of an application, we will ask you to share the code to the application up front. A pentest is much more effective when the pentester has the code at hand. In our jargon, this is called a white box test.
    In this blog, I will discuss three objections to sharing...

  • How to build a good security testing strategy

    Ten years ago, you could kind of get away with not paying much attention to security. This worked if you were not in certain sectors or didn’t have a certain profile, and if you were lucky. Until a few years ago.
    Read our earlier article to understand how for everyone, the impact and likelihood of potential security...
