Updated 2nd Sight Lab website to focus on penetration testing and cybersecurity assessments (more training)
I finally got around to updating the 2nd Sight Lab website to remove training and focus on penetration testing and security assessments.
This is by no means a fancy website, just facts.
When I started my company, I could only write conceptually about what we were going to do. I can now write with more confidence about what we have done and the results of over six years of cybersecurity services.
Since my very first penetration test through 2nd Sight Lab, I have always found a high impact penetration testing result for clients.
As for the definition of high risk, I’ve changed that over time. There are things that some people consider high risk that are actually best practices or advanced security issues. Some are certainly risks and best practices, but do not instantly lead to a data breach.
2nd Sight Lab takes a different view. High risk is something that falls into one of these categories:
- This will allow attackers to steal credentials.
- This will allow attackers to steal data.
- This will give attackers access to control systems.
If it is something that could be used to do any of the above but requires multiple issues to exist at the same time, or if the data involved is low risk and the system has no no connection with other data or systems with higher impact, then we could move it to the medium category.
Over time, I have come to feel like some discoveries are just noise. We move them to an informative category.
Other results are very important for preventing violations, but they will not *cause* a violation. They’ll just make it harder to spot one and deal with it after the fact.
Since cloud misconfigurations are so widespread, we always include an assessment of misconfigurations and recommendations for improvement in our reports. Some of the tools we use earn such high things…