Latest — 23 Dec 2025
How Lucid Security Conducts an Internal Penetration Test: Learn how Lucid Security conducts an Internal Penetration Test.
Risks of Using HTTP For Your Web Application: For modern web applications, the average user will interact over a secure protocol for communication (i.e. HTTPS, or Hypertext Transfer Protocol Secure). However, it's not uncommon to encounter a web application hosted in an internal corporate environment using the
How to Disable Device Code Authentication in Microsoft 365: A big phishing trend abuses the OAuth Device Code Authentication flow against Microsoft 365 tenants. This type of attack consists of abusing Microsoft's device code flow by coercing targeted users to enter a generated code into Microsoft's OAuth device authentication portal, which will then grant
How to Disable Machine Account Creation: Disabling Machine Account Creation. Since Windows 2000, Microsoft has enabled the ability for all users to create up to 10 machine accounts by default. This is a “feature” implemented by Microsoft that inadvertently introduces potential vulnerabilities within an Active Directory environment. Secure deployment should ensure that Machine Account creation is
What is a Web Application Penetration Test? The Open Web Application Security Project (OWASP) defines a web application security test as "...an active analysis of the application for any weaknesses, technical flaws, or vulnerabilities". This is an excellent definition of a web application penetration test, but this article
What is a Vulnerability Scan? What is a vulnerability scan? How does it differ from a penetration test? What are the benefits of a vulnerability scan? How often should you conduct a vulnerability scan? This article answers all these questions! What is a vulnerability scan? A vulnerability scan is essentially an automated process to identify
Risks of a Large Attack Surface: A common theme amongst clients when conducting penetration tests is a large attack surface. Generally, the biggest risk is amongst externally exposed assets. However, this can be related to internal penetration tests and web application penetration tests. This blog post will briefly examine the biggest risks associated with a large
The Difference Between a Vulnerability Scan and a Penetration Test: What is the difference between a vulnerability scan and a penetration test? A common question many clients may ask is: what is the difference between a vulnerability scan and a penetration test? This blog post will address the similarities and differences of each activity. What is
What Can Go Wrong During an External Penetration Test? External penetration tests often require organizations to safeguard their external perimeter against threats, whether for compliance, banking, or client requirements. However, it can be a daunting task which may have you wondering, "What can go wrong during a penetration test?". This blog post examines the risks and will
What is an External Penetration Test? Before diving into what an external penetration test entails, let’s first recap what a penetration test involves. A penetration test simulates an attack on a network, application, device, location, controls, or humans in a controlled environment. Lucid Security conducts external penetration tests by