Gray Box vs. Black Box vs. White Box Testing


The balance of white/black box security testing is a decision you will ultimately make based on your budget, risk concerns, and internal policies. This article is intended to help a client think through the benefits of white box testing and the downsides to full black box testing, as well as provide several real-world examples to demonstrate the points.

Troublesome: HostGator and Microsoft


This article is to inform you of the incompatibility that exists between HostGator and Microsoft hosted email services, Microsoft’s inability to accurately distinguish good email from spam, and how unhelpful they both have been in resolving the issue. I hope this article will help inform two groups of people: (1) those currently using or considering using any Microsoft hosted or managed email service (e.g., hotmail.com, live.com, msn.com, outlook.com, O365, etc.), and (2) those currently using or considering using HostGator’s hosting services.

Threat Intelligence and Brand Monitoring


Nearly every department in your organization has a reason to monitor the internet for references to your organization: brand reputation, cybersecurity threats, intellectual property rights, and so on. But what are your options?

A Sensible Password Policy


A password should be 24+ characters, require lowercase, uppercase, numbers, special characters, not one of the last 24 passwords, not more than three characters in a row of the same type, and change every 30 days. Uh, NOT! Here’s a more sensible policy.

Tachyon – A Security Pros Paradise


I recently had the privilege to perform full scope application security testing against 1E’s Tachyon, an endpoint incident response and remediation platform. I was so impressed with it, I sought (and received) approval from 1E to release this article publicly, detailing my impressions.

© PEN Consultants, LLC 2013 -