by Dr. DeMott | Jul 11, 2018 | Auditing, Pentesting
We at VDA have noticed that many financial institutions (banks, credit unions, etc.) are getting a vast variety of lower cost “audits” all the time. Things like: IT Audit, Network Security Audit, Firewall Audit, Password Audit, etc. That’s fine on one... 
by Michael Fowl | Jun 5, 2018 | Enterprise Security, Pentesting, Security
In the past, many organizations focused heavily on protecting ingress connections to their network and did not care much about egress connections from their network to the internet. This was less than ideal, because when an attacker or penetration testing team gained... 
by Jenny Harrold | Mar 20, 2018 | Pentesting
Recently VDA was conducting an enterprise software security engagement where we were looking closely at the internal software security practices of a large enterprise. Through that work I got to spend a lot of time with a document called the BSIMM which is a study... 
by Jenny Harrold | Feb 6, 2018 | Pentesting
When VDA Labs conducts internal penetration tests, application security assessments, or product security reviews we typically use what we call a ‘dropbox’ in order to grant our team members access to the network or system that we are testing. These might... 
by Dr. DeMott | Jun 16, 2017 | Enterprise Security, Pentesting
At VDA Labs we do a variety of technically deep security services for our customers. From product assessments, to incident response, training, and more. One of the things we love to do is enterprise pentesting. Sometimes customers are unsure what portions of the... 
by Dr. DeMott | Nov 9, 2016 | Pentesting
VDA labs is often asked about doing pentests. What’s interesting is how that word means different things to different people. Sometimes what they really want is a pentest of an app or system. A system can be audited based on design, machine or manual code analysis,... 