Cybersecurity Blog
You’re ready to schedule your penetration test, but aren’t sure when that should be. Should it be at the beginning of the year or the end of the year? Are there industry standards that apply to scheduling your test? In this video, we take a…
Recently, we reviewed a report with a customer and received some interesting feedback regarding issues with mitigation. Some of the issues they were having trouble mitigating were related to supporting HTTP and TLS versions below 1.3 instead of forcing HTTPS with TLS 1.3. Another…
Digest authentication is one way of confirming the identity of a user before sending sensitive information. This is done by the web server when a user requests information in a web browser. It is considered one of the more secure methods for authentication but isn’t…
Are you struggling to understand what a pen test is? If you are, you’re not alone. A lot of people find themselves confused, trying to differentiate a genuine penetration test from a basic vulnerability scan. It’s even more confusing when several companies claim to offer…
You receive your report, and you see no findings. Does that mean we only ran vulnerability scans? This question comes up frequently. We’ve talked about the differences between a real pen test and a fake one (aka vulnerability scans). But when there are no findings,…
There are a lot of companies selling penetration tests (pen tests), but how do you know if what you are getting is a real pen test? When it’s something that’s less tangible than, say, getting an oil change, it can be hard to determine if…
The Log4j vulnerability has been in the news since its discovery in November 2021. At MainNerve, the most common question asked is, “Does MainNerve test for the Log4j vulnerability?” The answer is yes, but what is this vulnerability, and why does it matter so much? …
Helping Small to Medium-Sized Businesses Understand Cybersecurity Threats: As a cybersecurity company that works with companies of all sizes, we know that Small to Medium-Sized Businesses (SMBs) wear many hats, including the IT hat. Unfortunately, there are many challenges facing SMBs today; cyber threats are…
In a previous blog post, we discussed the differences between penetration testing and vulnerability scanning. However, those of us at MainNerve realized that sometimes we are so involved in this world that there may be things that the general populace may not inherently understand about…
Last year is the year that keeps on giving, at least for the people stealing identities and filing for unemployment. It’s an understatement to say COVID-19 drastically affected employees around the country. Many employees ended up laid off, or entrepreneurs lost their businesses due to…
As if COVID-19 hasn’t deeply affected everyone’s lives already, now there are criminals who are sending COVID-19 vaccine email scams to unsuspecting victims and creating fake websites. The Threat – Vaccine Scams: The FBI has already started warning the public about these fraudulent websites and…
You may have seen the OWASP® Top 10 on our site or around the web and are wondering what it is. What is OWASP®? Let’s start with what OWASP® is. It stands for the Open Web Application Security Project®. They are a nonprofit organization whose…