#1 Trusted Cybersecurity News Platform
Followed by 5.20+ million
The Hacker News Logo
Subscribe – Get Latest News
DevSecOps

Penetration Testing | Breaking Cybersecurity News | The Hacker News

Category — Penetration Testing
HackGATE: Setting New Standards for Visibility and Control in Penetration Testing Projects

HackGATE: Setting New Standards for Visibility and Control in Penetration Testing Projects

Jan 21, 2025 Penetration Testing / Cybersecurity
Imagine receiving a penetration test report that leaves you with more questions than answers. Questions like, "Were all functionalities of the web app tested?" or " Were there any security issues that could have been identified during testing?" often go unresolved, raising concerns about the thoroughness of the security testing. This frustration is common among many security teams. Pentest reports, while crucial, frequently lack the depth and detail necessary to truly assess the success of the project. Even with years of experience working with cybersecurity teams and managing ethical hacking projects, we frequently encountered these same issues. Whether collaborating with external pentest providers or managing our own projects as founders of Hackrate , we often faced difficulties in ensuring that the testing was as comprehensive as it needed to be. This realization inspired us to create HackGATE , a managed gateway solution built to bring transparency and contro...
Beyond Compliance: The Advantage of Year-Round Network Pen Testing

Beyond Compliance: The Advantage of Year-Round Network Pen Testing

Nov 18, 2024 Penetration Testing / Network Security
IT leaders know the drill—regulators and cyber insurers demand regular network penetration testing to keep the bad guys out. But here's the thing: hackers don't wait around for compliance schedules. Most companies approach network penetration testing on a set schedule, with the most common frequency being twice a year (29%), followed by three to four times per year (23%) and once per year (20%), according to the Kaseya Cybersecurity Survey Report 2024 . Compliance-focused testing can catch vulnerabilities that exist at the exact time of testing, but it's not enough to stay ahead of attackers in a meaningful way. Why More Frequent Testing Makes Sense When companies test more often, they're not just checking a box for compliance—they're actually protecting their networks. The Kaseya survey also points out that the top drivers for network penetration testing are: Cybersecurity Control and Validation (34%) – ensuring the security controls work and vulnerabilities are minimized. Re...
Watch Out For These 8 Cloud Security Shifts in 2025

Watch Out For These 8 Cloud Security Shifts in 2025

Feb 04, 2025Threat Detection / Cloud Security
As cloud security evolves in 2025 and beyond, organizations must adapt to both new and evolving realities, including the increasing reliance on cloud infrastructure for AI-driven workflows and the vast quantities of data being migrated to the cloud. But there are other developments that could impact your organizations and drive the need for an even more robust security strategy. Let's take a look… #1: Increased Threat Landscape Encourages Market Consolidation Cyberattacks targeting cloud environments are becoming more sophisticated, emphasizing the need for security solutions that go beyond detection. Organizations will need proactive defense mechanisms to prevent risks from reaching production. Because of this need, the market will favor vendors offering comprehensive, end-to-end security platforms that streamline risk mitigation and enhance operational efficiency. #2: Cloud Security Unifies with SOC Priorities Security operations centers (SOC) and cloud security functions are c...
Guide:  The Ultimate Pentest Checklist for Full-Stack Security

Guide:  The Ultimate Pentest Checklist for Full-Stack Security

Oct 21, 2024 Penetration Testing / API Security
Pentest Checklists Are More Important Than Ever Given the expanding attack surface coupled with the increasing sophistication of attacker tactics and techniques, penetration testing checklists have become essential for ensuring thorough assessments across an organization's attack surface, both internal and external. By providing a structured approach, these checklists help testers systematically uncover vulnerabilities in various assets like networks, applications, APIs, and systems. They ensure no critical area is overlooked and guide the testing process, making it more efficient and effective at identifying security weaknesses that could be exploited by attackers. A pentest checklist essentially leaves no stone unturned and is a detailed and comprehensive list of every type of vulnerability in which to simulate an attack against. Each asset being tested, however, requires a different pentest checklist tailored to its specific characteristics and risks. For example, a checklist fo...
cyber security

Webinar: 5 Ways New AI Agents Can Automate Identity Attacks | Register Now

websitePush SecurityAI Agents / Identity Security
Watch how Computer-Using Agents can be used by attackers to automate account takeover and exploitation.
How to Get Going with CTEM When You Don't Know Where to Start

How to Get Going with CTEM When You Don't Know Where to Start

Oct 04, 2024 Vulnerability Management / Security Posture
Continuous Threat Exposure Management (CTEM) is a strategic framework that helps organizations continuously assess and manage cyber risk. It breaks down the complex task of managing security threats into five distinct stages: Scoping, Discovery, Prioritization, Validation, and Mobilization. Each of these stages plays a crucial role in identifying, addressing, and mitigating vulnerabilities - before they can be exploited by attackers.  On paper, CTEM sounds great . But where the rubber meets the road – especially for CTEM neophytes - implementing CTEM can seem overwhelming. The process of putting CTEM principles into practice can look prohibitively complex at first. However, with the right tools and a clear understanding of each stage, CTEM can be an effective method for strengthening your organization's security posture.  That's why I've put together a step-by-step guide on which tools to use for which stage. Want to learn more? Read on… Stage 1: Scoping  When you're...
How to Plan and Prepare for Penetration Testing

How to Plan and Prepare for Penetration Testing

Sep 27, 2024 Penetration Testing / Threat Detection
As security technology and threat awareness among organizations improves so do the adversaries who are adopting and relying on new techniques to maximize speed and impact while evading detection. Ransomware and malware continue to be the method of choice by big game hunting (BGH) cyber criminals, and the increased use of hands-on or "interactive intrusion" techniques is especially alarming. Unlike malware attacks that rely on automated malicious tools and scripts, human-driven intrusions use the creativity and problem-solving abilities of attackers. These individuals can imitate normal user or administrative behaviors, making it challenging to distinguish between legitimate activities and cyber-attacks. The goal of most security practitioners today is to manage risk at scale. Gaining visibility, reducing the noise, and securing the attack surface across the enterprise requires the right people, processes, and security solutions. With the use of penetration testing services , organ...
Cybersecurity Researchers Warn of New Rust-Based Splinter Post-Exploitation Tool

Cybersecurity Researchers Warn of New Rust-Based Splinter Post-Exploitation Tool

Sep 25, 2024 Penetration Testing / Cyber Threat
Cybersecurity researchers have flagged the discovery of a new post-exploitation red team tool called Splinter in the wild. Palo Alto Networks Unit 42 shared its findings after it discovered the program on several customers' systems. "It has a standard set of features commonly found in penetration testing tools and its developer created it using the Rust programming language," Unit 42's Dominik Reichel said . "While Splinter is not as advanced as other well-known post-exploitation tools like Cobalt Strike, it still presents a potential threat to organizations if it is misused." Penetration testing tools are often used for red team operations to flag potential security issues in a company's network. However, such adversary simulation tools can also be weaponized by threat actors to their advantage.  Unit 42 said it has not detected any threat actor activity associated with the Splinter tool set. There is no information as yet on who developed the t...
Why Pay A Pentester?

Why Pay A Pentester?

Sep 18, 2024 Penetration Testing / Automation
The evolution of software always catches us by surprise. I remember betting against the IBM computer Deep Blue during its chess match against the grandmaster Garry Kasparov in 1997, only to be stunned when the machine claimed victory. Fast forward to today, would we have imagined just three years ago that a chatbot could write essays, handle customer support calls, and even craft commercial artwork? We continue to be amazed by what software can achieve—tasks we once thought were strictly human domains. Such is the surprise unfolding in the sphere of cybersecurity testing. Hold tight! Demystifying Penetration Testing If someone had told me 10 years ago that computer software could one day perform the work of an ethical hacker, I would have said 'No way, Jose'. Penetration testing—PT for short—is when experts mimic hackers to test a company's defenses. It's a critical practice, mandated by major regulatory bodies like PCI DSS, HIPAA, and DORA to ensure network safety. Yet, despite...
Breaking Down AD CS Vulnerabilities: Insights for InfoSec Professionals

Breaking Down AD CS Vulnerabilities: Insights for InfoSec Professionals

Aug 30, 2024 Vulnerability / Network Security
The most dangerous vulnerability you've never heard of. In the world of cybersecurity, vulnerabilities are discovered so often, and at such a high rate, that it can be very difficult to keep up with. Some vulnerabilities will start ringing alarm bells within your security tooling, while others are far more nuanced, but still pose an equally dangerous threat. Today, we want to discuss one of these more nuanced vulnerabilities as it is likely lurking in your environment waiting to be exploited: Active Directory Certificate Services vulnerabilities.  vPenTest by Vonahi Security recently implemented an attack vector specifically designed to identify and mitigate these hidden AD CS threats. But first, let's explore why AD CS vulnerabilities are so dangerous and how they work. What is Active Directory Certificate Services? Active Directory Certificate Services ("AD CS"), as defined by Microsoft is, "a Windows Server role for issuing and managing public key infrastructure (PKI) cert...
Expert Insights / Articles Videos
Cybersecurity Resources