Lucid Security Engineers regularly encounter HTTP headers during web application or network penetration testing that reveal potentially sensitive information such as application architecture, server versions, or information about the underlying host system. These types of information disclosure vulnerabilities can be utilized by attackers to quickly determine vulnerable server versions and perform more targeted attacks. As […]
Whether you aspire to become a security engineer or seek security services for your organization, you’ve undoubtedly heard of Nessus. But what is Nessus? This blog will highlight Nessus and its use by security vendors and internal security personnel within security operations centers (SOCs). Overview Tenable® created Nessus, a powerful vulnerability scanner. It enables internal […]
Asking “What can go wrong during a penetration test?” before initiating an assessment is both wise and prudent. This blog post outlines the risks associated with penetration testing and strategies to mitigate these risks. Downtime or Disruptions One of the top concerns client’s have about what can go wrong during a penetration test is downtime […]
Social media has become an integral part of our daily lives, both personally and professionally. Whether you’re promoting your business, sharing updates with your audience, or connecting with friends, the way you present yourself on social media can significantly impact your online presence. However, navigating the world of social media can be tricky, and even […]
In the realm of software development, the open-source ecosystem plays a pivotal role, enabling developers to leverage pre-existing code libraries and packages to expedite the development process. However, the dynamics of open-source software come with their own set of security challenges, one of which revolves around the changing ownership of packages. While changing package owners […]
In the digital age, where technology dominates almost every aspect of our lives, the threat of cyber attacks looms large, particularly in the workplace. As businesses increasingly rely on digital systems and data storage, the risk of falling victim to malicious cyber activity has never been greater. The consequences of such attacks can be devastating, […]
In the digital age, where cyber threats loom larger and more sophisticated than ever, organizations must fortify their defenses to protect sensitive data and maintain trust. The Center for Internet Security (CIS) Critical Security Controls, commonly referred to as the CIS Top 18, provides a strategic framework for mitigating the most prevalent cyber risks. However, […]
Preparing for an Upcoming Penetration Test An upcoming penetration test can stress any organization. Whether your company undergoes annual assessments or faces its first one, ensuring everything is in order is crucial. This article will guide you through preparing for your upcoming penetration test. Determining Scope Several factors influence your assessment’s scope. Consider these elements, […]
Determining if you should whitelist your penetration testers IP addresses is an important step before an assessment.
Lucid Security is a Veteran owned cybersecurity solutions company focused on offensive security and penetration testing.