Threat Informed Defense (Part 1): Threat Simulation [A Webinar Recap]

by Tori Thurmond / April 18, 2024

Cyber threats pose significant risk to organizations worldwide, ranging from financial loss to reputational damage to operational disruptions. These ever-evolving threats can be intimidating, but with the right preparation, organizations can proactively mitigate risks and fortify their overall cybersecurity posture. One way to offensively protect your organization from the threat landscape is through threat simulation. This week, our VP of Pen Testing, Jason Rowland, kicked off our three-part Threat…

Notes from the Field: CIS Control 16 – Application Software Security

by Greg Halpin / April 3, 2024

Recently, I’ve been working with a small Software as a Service (SaaS) company, and it quickly became clear they didn't have much in place by way of security. They didn't have a documented policy. They didn't do code reviews. New code releases were deployed on the fly. They didn't do secure scans of code or the web application. They didn't have a web application firewall (WAF). The application database was…

Understanding the Hospital Cyber Resiliency Landscape Analysis

by Hannah Grace Holladay / March 12, 2024

The United States Healthcare and Public Health (HPH) sector is facing a dramatic increase in cyber-attacks that are disrupting patient care and safety. Hospitals are facing directly targeted ransomware attacks that aim to disrupt clinical operations. According to a new study (linked below) by the U.S. Department of Health and Human Services (HHS), 96% of small, medium, and large-sized hospitals claim they are operating with end-of-life operating systems or…

What You Need to Know About OSSTMM

by Hannah Grace Holladay / December 21, 2023

What is the Open Source Security Testing Methodology Manual (OSSTMM)? The Open Source Security Testing Methodology Manual, or OSSTMM, is a peer-reviewed methodology for security testing, maintained by the Institute for Security and Open Methodologies (ISECOM). The manual is updated every six months or so, to remain relevant to the current state of security testing. ISECOM's main goal with the OSSTMM is to offer a scientific method for accurately understanding…

What Are the Penetration Testing Steps?

by Tori Thurmond / January 8, 2024

If your organization or technology hasn’t gone through a penetration test or security testing before, you may not know what to expect. Even if you have, maybe you’re wondering what KirkpatrickPrice’s methodology and stages of penetration testing are. Once you know what to expect, you can reap the benefits of the more in-depth process with additional analysis by certified ethical hackers. At KirkpatrickPrice, there are seven stages of penetration testing.…