OWASP Application Security Verification Standard (ASVS)

Over the years, we’ve had multiple clients come to us and mention that they had a previous “penetration test” or “vulnerability assessment” performed only to receive a report containing only vulnerability scanner results, like OpenVas or Nessus.

While those reports are undoubtedly useful, they don’t replace the depth and coverage that a high-quality penetration test or vulnerability assessment provides.

To help standardize application security testing, OWASP has created a standard called ASVS (Application Security Verification Standard).

Read More

Add Mailchimp Subscribe Modal to your Hexo Blog

If you use Hexo for your blog, you know how easy it is to create a beautiful and user-friendly experience for your followers. Even better, Hexo is entirely open-source, which means you are free to customize the code to work best for your needs.

We’ve known for a while that we need a clean way for new visitors to subscribe to our blog. We put it off because we imagined a significant design and implementation effort to integrate it into our MailChimp email list.

Bri loves tinkering with open-source code, and she recently discovered a straight-forward way to modify our Hexo theme (Minos) and allow new visitors to subscribe to our mailing list.

Ready to add this functionality to your blog? Read on!

Read More

January 2021: Cybersecurity Roundup

This past month in cybersecurity:

1. FireEye Released Technical Details Related to SolarWinds
2. FBI Seizes NetWalker Ransomware
3. Emotet Malware Network Dismantled By Police
4. New Zealand Central Bank Suffered Data Breach
5. Mimecast Products used to Spy on Customers

Read More

Quick Summary

Cit0day had a massive data breach in November 2020, which leaked credentials for over twenty thousand websites. It is more complicated than usual to determine which credentials you need to change because there were so many websites involved in the breach.

You can use a tool we created to check which domains you need to change your password for.

Just navigate to the following link and follow the instructions:

https://passcheck.pensivesecurity.io

Read More

December 2020: Cybersecurity Roundup

This past month in cybersecurity:

1. Multiple US Government Agencies Hacked
2. Swatting “pranks” via Smart Home Devices
3. Cyberattacks Against Vaccine Distribution Operations
4. 45 Million Medical Images Openly Accessible Online
5. Baltimore County Schools Ransomware

Read More

November 2020: Cybersecurity Roundup

This past month in cybersecurity:

1. Chase Unlimited Reward Point Vulnerability
2. Apple lets some Big Sur Network Traffic Bypass Firewalls
3. Cit0day Leaks 23,618 Hacked Databases
4. Tesla Model X Key Fob Hack
5. Hacked Crypto Exchange KuCoin Recovery

Read More

Network Vulnerability Scanner Built On Raspberry Pi

We recently developed a plug-and-play vulnerability scanner built on a Raspberry Pi. And by plug-and-play, we actually mean that; you plug in the Raspberry Pi to your router, and within a few hours, you will receive an OpenVas network vulnerability report to your email.

For those that thought “YUM!” when mentioned above, a Rasberry Pi (RPi) is actually a single-board computer that costs around $100 and can be used for a vast range of applications, including home automation and education. If a fruity pastry had the same capabilities, that would be an impressive, albeit slightly expensive, treat!

The entire project is open source, and once you buy the device and peripheral set-up equipment, the scanner is FREE to run as many times as you want! This article will walk you through the “why” you’d want this and “how” you can create your own home network vulnerability scanner. Let’s jump in!

Read More

October 2020: Cybersecurity Roundup

This past month in cybersecurity:

1. October is Cybersecurity Awareness Month
2. T2 security chip on Macs can be hacked
3. ‘Security of your vote has never been higher’
4. CLEAR, expedited security, expanding to a holistic identity verification platform
5. Data breach at Barnes & Noble

Read More

September 2020: Cybersecurity Roundup

This past month in cybersecurity:

1. Space Policy Directive-5 Cybersecurity Principles for Space Systems
2. Zerologon Windows Vulnerability
3. Woman Dies During a Ransomware Attack on a German Hospital
4. New Bluetooth Vulnerability aka BLURtooth
5. #Instagram_RCE Code Execution Vulnerability in iOS/Android App

Read More

Click here to try it out now!

The One about the Backstory

Bri and I used to love watching F·R·I·E·N·D·S on Netflix, but starting at the beginning of 2020, NBC decided to end their contract with Netflix and move the show to HBOMax instead.

Unfortunately, we don’t have HBOMax, and we’re unwilling to shell out the additional $15-a-month to watch a show we’ve already seen at least 3 times through.

However, we are willing to pay $65-a-month for YouTube TV because we love watching live sports like this month’s Tour de France. Even better, YouTube TV has unlimited DVR, which has proven to be the best feature of the whole service.

The best part about YouTube TV’s DVR is that you can navigate to a show you want to record (like Friends) and add the entire show to your DVR. Then, as episodes of your show air, it will automatically be added to your DVR.

Using this method, we have collected every episode of Friends in our YouTube DVR using a single button.

Read More