Sign in Subscribe

pentester

Vulnerability, Control, and Risk are not same

where-is-the-risk

Vulnerability, Control, and Risk are not same

As Pentester, auditor, or risk assessor, it is important to understand difference

'Lack of CAPTCHA' is not always a valid vulnerability or risk

where-is-the-risk

'Lack of CAPTCHA' is not always a valid vulnerability or risk

CAPTCHA is a valid security control. However, lack of it may not be a valid vulnerability in all cases and 'lack of CAPTCHA' is definitely not a risk. May be part of risk.

Risks of a cybersecurity career

Risks of a cybersecurity career

Cybersecurity is one of buzz-words promising the la-la land these days. Everyone is running towards it. However, it will help if one is aware of the 2 big risks.

A Day in a Pen-tester’s life

A Day in a Pen-tester’s life

My 2 cents on a day in a pentester's life, from the vantage point of someone who does it (sometimes) but observes it (a lot). TLDR - it is not all pentesting!

Do not kill your pentester for little or no value-add

Do not kill your pentester for little or no value-add

How to get more value out of a pentest.

External Network VAPT: tools, information sources

This is a live post; it will undergo changes, which are captured in change log, provided at the end of this post.

How to download Nessus Pro using cURL…

assuming you have a valid account with tenable and have paid for your license.