Lucid Security Engineers regularly encounter HTTP headers during web application or network penetration testing that reveal potentially sensitive information such as application architecture, server versions, or information about the underlying host system. These types of information disclosure vulnerabilities can be utilized by attackers to quickly determine vulnerable server versions and perform more targeted attacks. As […]
Whether you aspire to become a security engineer or seek security services for your organization, you’ve undoubtedly heard of Nessus. But what is Nessus? This blog will highlight Nessus and its use by security vendors and internal security personnel within security operations centers (SOCs). Overview Tenable® created Nessus, a powerful vulnerability scanner. It enables internal […]
Asking “What can go wrong during a penetration test?” before initiating an assessment is both wise and prudent. This blog post outlines the risks associated with penetration testing and strategies to mitigate these risks. Downtime or Disruptions One of the top concerns client’s have about what can go wrong during a penetration test is downtime […]
Preparing for an Upcoming Penetration Test An upcoming penetration test can stress any organization. Whether your company undergoes annual assessments or faces its first one, ensuring everything is in order is crucial. This article will guide you through preparing for your upcoming penetration test. Determining Scope Several factors influence your assessment’s scope. Consider these elements, […]
Determining if you should whitelist your penetration testers IP addresses is an important step before an assessment.
Lucid Security is a Veteran owned cybersecurity solutions company focused on offensive security and penetration testing.