Time to Upgrade from Outdated Managed Vulnerability Scanning to Continuous Attack Surface Management

Warning: This blog contains purposeful marketing and gratuitous plugs for SynerComm’s CASM™ Subscription services. Seriously though, the following article will present the need for better external visibility and vulnerability management. Whether you are vulnerability scanning to meet compliance requirements or doing it as part of good security practices, there is a universal need. At the…

In Scope or Out of Scope?

In penetration testing, it’s important to have an accurate scope and even more important to stick to it. This can be simple when the scope is limited to a company’s internet service provider (ISP) or ARIN-provided IP ranges. But in many cases, our clients’ public systems have grown to include multiple cloud-hosted servers,…

Continuous Penetration Testing

Bridging the Gap Between Point-in-Time Penetration Tests

“So, let’s say we fix all of the vulnerabilities that the pentest discovers… How do we know tomorrow that we’re not vulnerable to something new?” ~Customer

Having been part of the penetration testing industry for over 15 years, I’ve been challenged by many clients with this very question. The fact…

Why 14 Characters?

While experts have agreed for decades that passwords are a weak method of authentication, their convenience and low cost have kept them around. Until we stop using passwords or start using multi-factor authentication (for everything), a need for stronger passwords exists. And as long as people create their own passwords that must be memorized, those passwords will remain weak and guessable. This blog/article/rant will cover a brief background of password cracking as well as the justification for SynerComm’s 14-character password recommendation.