The penetration tester’s low hanging fruit

Once again I commissioned a CHECK penetration test.  Once again we found the usual suspects.

  • Patching not up to date
  • Cross site scripting
  • Weak protocols (FTP, but inside the data centre)
  • Weak cyphers in SSL
  • Weak cyphers in the iLo card
  • SNMP v2
  • Unused protocols open

I could have written the report myself and saved £10K.

 

 

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s