What do you mean by "Threat Actor"?

Published: 05 July 2023    Last Updated: 05 July 2023

Habitually in our articles we use the term “Threat Actors” where you might expect us to use a term like “attacker” or “cybercriminal”. So why do we do that? In short, we find that threat actor is a more accurate term where something like “cybercriminal” may, in some cases, be overly specific.

You see, there are a whole bunch of different individuals and groups out there which may cause damage to an organisation that the term “cybercriminal” might not cover. So, who might target your organisation?


Hardening SSL/TLS: Common Certificate Issues

Published: 04 July 2023    Last Updated: 05 July 2023

I recently wrote a quick start guide to hardening SSL/TLS configurations, to help people to better understand all the different aspects of securing their transport layer security configuration – however, during that article I skipped over a big section: SSL Certificates.

In this article, we’ll focus on the certificates themselves and the impact of common certificate issues. It’s also worth noting that whilst they’re commonly called “SSL Certificates”, we learned in the last article that of course all versions of SSL should be disabled, since we know SSL was deprecated in 2015 and is “comprehensively broken”.

Therefore, if you prefer the term “TLS Certificate”, or even the technically more accurate “X.509 Certificate”, then that’s great – but you’ll rarely see the latter term used outside of technical documentation; it seems “SSL Certificate” has stuck as the common term.


Hardening SSL/TLS: Common SSL Security Issues

Published: 03 July 2023    Last Updated: 05 July 2023

Secure Sockets Layer (SSL) was a protocol designed to protect network traffic in transit, however it was superseded by Transport Layer Security (TLS) in 1999. These protocols are well-known for protecting web traffic with HTTPS. However, they can be used to protect lots of different kinds of traffic, for example they can also be used to protect email traffic, instant messaging, and more.


Multifactor Authentication (MFA)

Published: 09 November 2022    Last Updated: 11 November 2022

An authentication factor is something that is supplied to verify an identity – the most common example of an authentication factor is a password, a secret word used to authenticate yourself for access to an account. Multi-factor authentication is the requirement to supply several factors during authentication. This is often called “Two Factor Authentication” (2FA) as, most commonly, two factors are required, but it could, in some instances, be more and so MFA is the more general term.


Penetration Testing: Mix it up or stick with it?

Published: 02 November 2022    Last Updated: 03 November 2022

After publishing yesterday’s article about how frequently you should get a penetration test, I inadvertently started a discussion on Twitter about another aspect of penetration testing delivery: Should you change providers, or should you stick with who you know?


Small Business E-commerce: How do I prevent my site getting hacked?

Published: 02 November 2022    Last Updated: 04 November 2022

With modern platforms such as WordPress, WooCommerce, Magento, and Shopify, it’s now easier than ever to create an online store. However, many online retailers are not cybersecurity experts and might not be sure where to get started with securing their site.


Penetration Testing: how often should you test?

Published: 28 October 2022    Last Updated: 03 November 2022

The truth is, it’s very unlikely you’ll even get a strong answer from an organisation as to how frequently you should test. Even organisations like the NCSC, who offer guidance to UK businesses on how to stay secure, don’t give a direct answer to the question. However, they may comment on other businesses’ behaviour, such as saying “it’s not uncommon for a year or more to elapse between penetration tests” before commenting that this is likely insufficient.


Selecting a PenTest Provider – Making a Good Decision

Published: 28 October 2022    Last Updated: 03 November 2022

Choosing a PenTesting provider can be difficult: how do you know if they’re good at what they do and whether they’ll make working together easy? Perhaps you have a provider already, but they’ve not lived up to your expectations.

Since choosing a testing provider is a critical part of your cybersecurity strategy, we’ve added a few things to consider here. We’re also available for advice and help if you’ve got questions about testing in general or how to get started with your strategy.


How Can I Turn PenTesting from a Cost into a Competitive Advantage?

Published: 27 October 2022    Last Updated: 03 November 2022

Turn Penetration Testing from a cost to a competitive advantage using customer retention, legal compliance and modern business practices in your favour.


Penetration Testing: how do you get the most from your budget?

Published: 27 October 2022    Last Updated: 03 November 2022

Tips and tricks to make the most of your penetration testing budget. We suggest practical ways to obtain the best value for your spend.


Controlled Chaos

Published: 10 March 2021    Last Updated: 03 July 2023

Major outages in major public cloud providers such as Azure and AWS are rare, but they do happen. Today OVH had a major incident: “OVH datacenter burns down knocking major sites offline” and they’re not the only ones to experience these issues, for example Amazon had a major outage in November and Microsoft had one in September.

This prompted me to write up an article on Akimbo’s recent work building resilience into our platform, so today I’m going to talk a little bit about a couple of the features of AWS that allow for significant resilience and I’m going to do that by running you through my recent experiments on our platform which can be roughly summarised as “Turning things off to see what breaks.”