    security audit
    • Ambarishrh

      Anyone used Infection Monkey?

      IT Discussion infectionmonkey open source breach and attack simulation security security audit
      4 Votes
      6 Posts
      1k Views
      Ambarishrh

      @scottalanmiller said in Anyone used Infection Monkey?:

      @ambarishrh I meant that YOU should make one.

      I'm too subtle, I guess.

      lol! Yes, will make one for sure! Just need to test it on a lab and see how it goes. It's an interesting project 🙂

    • H

      Any recs for a company that does risk assessment (with HIPAA focus)?

      IT Discussion compliance security audit
      1 Votes
      3 Posts
      910 Views
      IRJI

      https://www.ciphertechs.com/solutions/governance-risk-compliance/

    • wrx7mW

      Website Security Auditor Recommendations Wanted

      IT Discussion wordpress hacked website security security audit aws audit
      2 Votes
      5 Posts
      715 Views
      dbeatoD

      You can also do a free test from Qualys
      https://www.qualys.com/free-services/
      https://www.qualys.com/community-edition/

    • CloudKnightC

      365 have I been pwned script

      IT Discussion office 365 security audit
      0 Votes
      17 Posts
      2k Views
      jmooreJ

      @travisdh1 You are sure right there

    • Ambarishrh

      An interesting post about a security auditor's requirements!

      Water Closet security audit
      1 Votes
      5 Posts
      969 Views
      scottalanmiller

      @JaredBusch said in An interesting post about a security auditor's requirements!:

      @scottalanmiller said in An interesting post about a security auditor's requirements!:

      That's not a real auditor, that's a hacker posing as an auditor. If that auditor didn't have a signed, bonded affidavit from the CEO saying that he could social engineer the IT department to test their resolve then they should immediately have called the FBI, assuming that this is the US. That the person claims to be an auditor doesn't make him one, that he keeps badgering the IT guy makes what might be a mistake into clear social engineering. Charges should have been filed against them. Had they done that to a public company, charges would likely have been brought under any number of federal statutes including SEC regulations.

      from the linked article:

      My "legal guy" has suggested revealing the company would probably cause more problems than needed. I can say though, this is not a major provider, they have less than 100 clients using this service. We originally started using them when the site was tiny and running on a little VPS, and we didn't want to go through all the effort of getting PCI (We used to redirect to their frontend, like PayPal Standard). But when we moved to directly processing cards (including getting PCI, and common sense), the devs decided to keep using the same company just a different API. The company is based in the Birmingham, UK area so I'd highly doubt anyone here will be affected.

      Yeah, legal seemed to agree.
