Gemma Moore 5 May, 2022

The password is dead.  Long live the password...

Passwords are bad.  We've known passwords are bad for decades, but the truth is that they're unlikely to go away for a very long time, even though we know all about their flaws. 

Improve your security

Our experienced team will identify and address your most critical information security concerns.

Gemma Moore 11 April, 2022

Cyber security challenges facing schools

We all want our schools and educational institutions to be secure.  We all want to ensure that our children can learn and thrive in a safe environment, and that we keep their data protected from those who might misuse it.  Schools are under attack, though – almost constantly – from increasingly organised and sophisticated criminal gangs.

Gemma Moore 4 April, 2022

Application testing and the OWASP Top 10

Quite often, a customer will ask us to "test our application against the OWASP Top 10". I'm going to start by saying that the OWASP Top 10 is a wonderful tool which has helped improve web application security globally since it first launched. But although it’s a common request to test applications against it, I think it's helpful to explain why it might not give you the security outcomes you want from a web application penetration test.

Gemma Moore 4 January, 2022

Accounting for key business security concerns in penetration testing

When it comes to penetration testing, if you have a good idea what you are really worried about as a business, you can get better results.  The more we know about you, your business and your security concerns when we conduct your pentest, the more focussed and accurate our risk ratings can be, and the more tailored to your environment our advice can be.

Gemma Moore 4 January, 2022

Using penetration testing to achieve different assurance outcomes

Penetration testing can be used in many different ways to meet different goals, and there are several different types of penetration test.  We’re always trying to understand our customers’ goals so that we can make sure we’re applying the right methodology to your penetration test to achieve the outcomes you want.

Cyberis 24 May, 2021

Common TLS/SSL Issues And What They Mean

Whilst it may be tempting to support older protocol versions, such as TLS 1.0 or even SSLv3, to maximise compatibility with legacy systems, this does not come without serious security compromises. Older protocol implementations can have inherent weaknesses that undermine the security they offer. They can lack support for modern encryption algorithms used in more secure cipher suites and may be missing features implemented in later versions, specifically designed to mitigate against the shortcomings of the older protocol.

Gemma Moore 4 February, 2021

Building long term partnerships with our customers to deliver the best outcomes from penetration testing programmes

We are a security partner of choice for many of our customers, and we love building long term relationships with our clients.  We appreciate that every business has its unique operational challenges, its own priorities and its own threat environment.  When we work closely with a client over the long term, we get to know what makes them tick and understand the nuances of their environment. 
This is a story of how, working with a customer over the long term, we're able to bring extra benefits to the table. 

Cyberis 18 November, 2019

Online Password Auditing Of A Domain Controller

Password auditing of a domain traditionally involves obtaining a copy of the ntds.dit and performing some offline analysis, which can be time consuming. The DSInternals PowerShell Module has an Active Directory password auditing cmdlet which performs checks for default, duplicate, empty and weak passwords. The audit can be performed against a domain online via DCSync, saving the need to obtain a copy of the ntds.dit. This can be of benefit if regular password audits are being performed.

Cyberis 5 November, 2019

The Dangers Of Vulnerability Scoring Dependency

Vulnerability scanning has an important role in most enterprise threat & vulnerability management programmes – it provides multiple benefits to internal security teams as they identify vulnerabilities and it can also help verify control performance.  Associated vulnerability scoring systems, such as the Common Vulnerability Scoring System (CVSS), have also gained widespread industry adoption, as they are simple to understand and usually produce repeatable results.

Geoff Jones 8 October, 2019

Changing Approaches To Penetration Testing

As a security consultancy, Cyberis undertakes penetration testing for organisations of all sizes and in many verticals. This testing is often a function of regulatory or compliance requirements, and some customers' operational teams view it as a necessary evil. Given time and resource pressures, and the prioritisation of business functions for internal ops teams, devops teams and other support staff, it can prove difficult for security teams to encourage engagement and traction for fixing identified vulnerabilities in existing systems, and to drive progress in internal security programs. This leads inevitably to stagnation and increased risk over time due to system obsolescence and poor standards.
