Month: May 2024

How do I get into cybersecurity? How do I pass this certification exam? How do I handle a coworker who is hostile to my beliefs? We talk about these and much more at our monthly mentoring sessions with PEN Consultants CEO, Robert Neel, as well as other team members. Interested in joining us? It is […]

People use the term “penetration test” all of the time without actually understanding what it means. Even in the security industry, there is often disagreement on what exactly a “penetration test” is and how it differs from a vulnerability scan, vulnerability assessment, red teaming, etc. So, let’s clear up some of the confusion. This is […]

“Whoever brings blessing will be enriched, and one who waters will himself be watered.” (Proverbs 11:25). And yet… sometimes thirsty people just don’t want to drink. That is what it can feel like as a security researcher when you find a security vulnerability but can’t find a way to contact the company to ethically disclose […]

ChatGPT and the growth of impressive AI tools has given rise to a new concept – automated penetration tests. It sounds cool and marketing SEO loves it. But, the truth is that an automated “penetration test” is really just a more advanced vulnerability scan. Can it be valuable? Certainly! In fact, PEN Consultants recommends performing […]

There is a HUGE difference between a pentest’s price and a pentest’s cost. You can easily find “pentests” online for a low price – sometimes as little as $2000. But, those cheap “pentests” often come with a high cost. The methodology of those cheap “pentests” is shoddy and often misses entire classes of vulnerabilities. Those […]

Is there a book you can read over and over again? For us, it is the Bible. Every time we re-read a section, we find new insights, lessons, and values for our lives. In its own way, security testing is very similar – every time we test, we often find new issues and vulnerabilities. This […]

There’s a 62.8% chance your organization is using WordPress to manage its website if using a CMS (according to wpzoom.com). This market share dominance is one of the reasons it is highly targeted by hackers. Another reason WordPress is targeted and compromised often is relatively poor default security. Here are some tips to secure the […]

This is one of the most common questions we hear from clients during kick-off meetings. Maybe you have heard it or asked it yourself… The question is: What is your pentesting methodology? Most pentesting firms provide vague, high-level answers to this question. We don’t. Not only do we provide a detailed response during the kick-off, […]

Come see why we have been called “The Hobby Lobby of Pentesting”. Source: https://youtu.be/zVsvQHiP2tQ VIDEO TRANSCRIPT

We are certainly no Moses, but even Moses himself knew that people needed to be shown rather than told (Exodus 4:1). That is why we have adopted the same attitude when it comes to our penetration testing. We don’t just tell our clients what we are doing. We show them. We use real-time notes to […]