A Guide to AWS S3 Bucket Penetration Testing

Misconfigurations in cloud environments and resulting data breaches frequently put AWS Simple Storage Service in the news. In “Hands-On AWS Penetration Testing with Kali Linux,” authors Benjamin Caudill and Karl Gilbert offer practical steps for conducting penetration tests on major AWS services like S3, Lambda, and CloudFormation. S3 has enjoyed enormous popularity since its …

A Complete Guide to AWS Penetration Testing

Today’s businesses depend more heavily than ever on applications and data analytics. The more an organization transitions its processes to digital systems, the more data it can take advantage of. Enterprise cloud platforms support these applications, with Amazon Web Services (AWS) being one of the most popular options. As of 2023, Amazon reports that …

A Complete Guide To ISO 27001 Penetration Testing

ISO 27001 compliance entails proving that an organization’s information security management system (ISMS) aligns with the standard’s requirements. Achieving compliance requires undergoing an audit process where an independent third-party assessor evaluates the organization’s ISMS against said standard. The assessor examines the organization’s policies, procedures, and controls, as well as its risk assessment and risk …

An Introduction to Report Generating With Dradis

As cyber security professionals traverse the complex landscape of security assessments and penetration tests, smooth reporting and collaboration are critical for success. One tool that has gained popularity for facilitating these tasks is Dradis Framework. Since I started using the software, Dradis has proven to be the most functional and easy to work with for both solo …

A Penetration Testing Compliance Guide

In many cases, penetration testing, an ethical engagement designed to identify and address security vulnerabilities in systems, applications and networks, is required. Sometimes this requirement is directly specified, while in other cases it’s implied by a need to build, audit or assess processes to mitigate cyber risk. This blog identifies just some of …

What We Know About the 2023 British Library Data Breach

The British Library has released a report providing insights gained from the cyber incident that paralysed its IT systems in October last year. This occurred due to a terminal server implemented by a third party for more efficient operations within the internal IT team. A suspected combination of a phishing attack to gain credentials, lack …