service

Is ChatGPT Your Next Phishing Enemy?

AI Phishing with ChatGPT

AI technologies such as ChatGPT and Google Bard have the potential to revolutionize productivity and convenience. However, the negative implications of AI, specifically in the realm of cybersecurity, are often overlooked.

For instance, tools like ChatGPT can greatly aid marketing employees in creating templates, emails, logos, and more with speed and efficiency. Unfortunately, these same tools can be exploited by malicious actors to easily craft convincing phishing emails.

According to IBM’s X-Force Threat Intelligence Index 2023, up to 41% of breaches occur due to employees unwittingly opening malicious documents (“maldocs”) embedded in phishing emails. Despite advancements in email scanners and antivirus solutions, such incidents are increasing.

To illustrate the risks associated with AI-generated phishing emails, Pensive Security conducted a test using the ChatGPT 3.5 service to create a reasonably believable phishing campaign with minimal user input.


Source Code Analysis

One of the most frustrating and potentially time-consuming stages of development is debugging and testing. Analyzing source code manually can be nearly impossible when dealing with several million lines of code, and there is a significant chance that human reviewers will miss something. The most common way of avoiding this is to integrate source code analysis into the development pipeline.

Web App Pentest

Web Application Penetration Testing

Web application penetration testing is an integral part of assessing applications for potential security threats. Companies rely on customer-facing web applications to hold sensitive data and allow people to perform sensitive tasks in real time. To avoid security issues, some companies depend solely on vulnerability scans, which are limited in their ability to identify threats and potential issues. While vulnerability scanning certainly has its place in a secure development life cycle, it leaves much to be desired in terms of an in-depth security assessment.

Pensive Security takes security testing several steps further with dedicated web app penetration testing (or “pentesting”), which helps identify threats or gaps in the application that could be vulnerable to cyber-attacks. This guide will take a detailed look at web application penetration testing and what it means for your business.


Pentest

Five Benefits of Penetration Testing

Do you want to be sure that your company infrastructure remains resilient to sophisticated attacks? With all the bold claims security devices and tools make today, it’s easy to assume that your infrastructure is impenetrable. However, even companies with the best security practices perform regular penetration tests to ensure their environment holds up against real-world attacks.

Pensive Security offers cutting-edge penetration testing to ensure applications, networks, and cloud infrastructures can handle complex and creative attacks from hackers trying to get into your systems. We regularly carry out pentests for companies of all sizes and ensure that your security controls are present and working as intended. We use a team of certified professionals and provide comprehensive reports that make it straightforward for teams to make needed changes to your security systems.

Not sure what penetration testing is all about? This article will delve into the five key benefits of penetration testing and why you might need it for your company.


Mobile Pentest (Image Adapted from OWASP MATG)

What Is Mobile App Security Testing?

Mobile devices accounted for 52.6% (Statista, 2019) of Internet traffic in 2019. With 5G technology emerging, this is predicted to increase fivefold by the end of 2024 (https://www.ericsson.com/en/5g/what-is-5g).

Mobile applications are becoming ever more prevalent in our daily lives, and many services are moving to a mobile-first strategy.


OWASP ASVS

OWASP Application Security Verification Standard (ASVS)

Over the years, we’ve had multiple clients come to us and mention that they had a previous “penetration test” or “vulnerability assessment” performed, only to receive a report containing nothing but vulnerability scanner results, such as those from OpenVAS or Nessus.

While those reports are undoubtedly useful, they don’t replace the depth and coverage that a high-quality penetration test or vulnerability assessment provides.

To help standardize application security testing, OWASP has created a standard called ASVS (Application Security Verification Standard).
