The SRM Blog

Penetration Testing


The benefits of working with a CREST accredited Company

Tamar Everson, Senior Pen Tester at SRM’s parent company, Arcanum Information Security explains why regular penetration testing by a CREST accredited company is an essential part of any robust..

An introduction to security testing

What is security testing? Security testing is a broad term, referring to the process of checking that a system, network or software is up to scratch and robust in..

Why should you be looking for a CREST penetration tester?

Penetration testing plays an essential role in every modern business’s cybersecurity efforts. But not all pen tests are created equally. As most people familiar with the basics of cybersecurity..

Vulnerability scan vs penetration test: which is right for your business

SRM Senior Penetration Tester, Dean Moulden, explains why a combination of automated scanning tools and manual testing is the most efficient and effective way of assessing where a business’s..

How to solve a problem like beg bounties

Scamming and scheming is nothing new in cybersecurity. As hackers find their victims wising up to one tactic or technique, they are always driven to innovate and adapt in..

Betrayed by your own doorbell: what’s the cost of convenient home gadgets to your information security?

Here’s how IoT devices like the smart doorbell can act as entry points for cyber criminals, and how to safeguard the data security of remote workers It may be..

A cure for insomnia – and other benefits of a Managed Security Service

Organisations around the UK are reporting the new-found benefits of remote working – both for employee wellbeing and business overheads. But for risk owners the challenges presented by a..

Everything you need to know about CREST penetration testing

A thorough CREST penetration test from a provider you can trust is an invaluable asset when it comes to protecting your business’s data. In the cybersecurity industry, CREST accreditation..

What is the main difference between vulnerability scanning and penetration testing?

They are two key tools in the fight against cybersecurity breaches, but what separates vulnerability scanning and penetration testing? Penetration testing and vulnerability scanning are two key security services..

What does an effective penetration test consist of?

It’s one of the most reliable techniques for improving data protection, but what does an effective penetration test consist of? There’s no doubt that we’re living in uncertain times,..

Human or automated security solutions: which should your organisation use to combat cyber threats?

A few years ago – two and a half thousand, to be precise – the Chinese general, writer and philosopher Sun Tzu wrote: ‘To know your enemy, you must..

Pen testing: putting a price on peace of mind

When it comes to securing appropriate budgets for pen testing, the key thing is not cost, but value. Yet there is sometimes an uncomfortable dichotomy between what people want..

What is a vulnerability assessment and how should you use it?

If your business is a house, with all that you hold precious contained inside it, then a vulnerability assessment is the regular checking of doors and windows to ensure..

It’s not a Dark Art: how we demystify cyber security

It’s easy to see why many people think cyber security is a mysterious Dark Art. After all, it has a language of its own, full of acronyms, jargon and..

Pen testing: why businesses need to be proactive not reactive ahead of the peak retail period

A breach at any time of the year is bad for business. But with the highest volume of sales – both retail and online – occurring between Black Friday..

Schools are being targeted by cyber criminals: 6 ways to shore up online defences

In 2017 the Independent Schools’ Bursars Association (ISBA), which supports over 1,000 senior management staff in schools, stated that cyberattacks in schools can no longer be considered ‘isolated incidents’...

GDPR and data security in the gambling industry

This article first appeared in the Q3 edition of Casino & Gaming International (CGi) and appears here with their kind permission. As the implications of the General Data..

Pen testing: seeing both the wood and the trees

If recent well-documented breaches tell us anything it is that even organisations with large budgets and skilled cyber security teams can miss something. In spite of their best efforts,..

The Industrial Revolution v4.1: with increased opportunity comes increased vulnerability

If history teaches us one thing it is that there is no going back. It started with the First Industrial Revolution which used water and steam power to mechanise..

The A to E of cyber maturity

In a recent report, the Philippine government’s Department of Information and Communications Technology (created in 2016) outlined a scale of cyber resilience based on an A to E grading..

Three stages to building a robust defence against external threats

The news has been full of concerns that foreign powers are using state-sponsored hacking as a means to undermine the infrastructure of foreign powers. While it is irresponsible to..

Cyber resilience: it’s a board level issue

The problem with cyber resilience is in the name. When it comes to managing the risk posed by potential hackers and the requirement for robust testing and defence protocols,..

How attack is the best form of defence when it comes to protecting against the rising trend in phishing and social engineering attacks

The recent April 2018 Trustwave Global Security Report reveals new global trends in the world of cyber hacking; most notably a move away from smaller high volume point-of-sale (POS)..

Penetration testing: man vs machine

We already know that the concept of thinking like a potential hacker is the basis of penetration testing. But merely thinking like a hacker is not enough. We must..

The NIS Directive: who does it apply to and what will it mean?

May 2018 is a big month for cyber security. Not only will the EU General Data Protection Regulation (GDPR) come into effect but a new UK Data Protection Act..

Free live webinar: GDPR – the roles of manual and automated penetration testing

15:00 – 15:45 Thursday 8th March 2018 Have you tested to check your GDPR compliance? A key aspect of GDPR compliance is demonstrating that your systems are secure. Penetration..

Penetration testing: if prevention is to be an achievable goal we cannot rely on static defences

SRM is at the PCI London event in London on 25th January, presenting on The Synergy Between Automated and Manual Penetration Testing. How a responsive Test and Exercise strategy..

What is Red Team engagement?

By Andrew Linn, Principal Consultant The news this year has been full of high profile hacks on large organisations. These have included viral and ransomware attacks which have brought..

GoT2: What the Game of Thrones HBO ransom reveals about White Hat Hackers

As Game of Thrones fans watch the unfolding drama in Westeros on their TV screens, corporations around the world are equally riveted by the now public battle for HBO’s..

Game of Thrones: data theft and pen testing

‘Hi to all mankind’. Thus began the email sent to journalists by hackers who have reportedly stolen 1.5TB of files and videos from entertainment giant HBO. What has made..

Calling in the Red Team: going above and beyond the vulnerability scan and penetration test

By Kane Cutler In the world of information security which is riddled with acronyms, the deceptively simple ‘Red Team’ may take a little explaining. Breaking down the initial letters..

What is the difference between a penetration test and a vulnerability scan?

Penetration testing and vulnerability scanning are sometimes confused. After all, they sound as if they might do a similar job. But there are important differences. Also known as..

Grey Monday and the importance of the penetration test

How a correctly-scoped penetration test will future-proof your organisation from real world cyber attacks. In the aftermath of Black Friday comes Grey Monday. The day of reckoning. Because although..

What are the common failure points of repeat info-security assessments?

Maintaining Compliance with any Information Security Standard is often a long and winding journey. You never quite know what is over the horizon or around the bend, so what..

The Emerging Market of Cyber-crime as a Service

One of the greatest misconceptions about cyber-crime is that you need to be a computer geek to be a cyber-criminal. The truth is the cyber-crime industry is starting to..

The penetration test – a test of faith?

By Kane Cutler, PCI QSA, Tiger QSTM, CEH Although statistics show that skydiving is a relatively safe pastime, things do sometimes go wrong. Since 2004 653 people have lost..