Pentesting and Bug Bounties

Summary

The content provides insights into penetration testing, cloud security assessments, and bug bounties through a series of articles by Teri Radichel, emphasizing the importance of effective security testing and the value it brings to cybersecurity.

Abstract

The webpage presents a collection of articles written by Teri Radichel, focusing on various aspects of cybersecurity, including penetration testing, cloud security, and bug bounties. Radichel shares her expertise through stories and case studies, offering guidance on selecting security testing partners, initiating tests, and utilizing test results effectively. The articles cover topics such as the limitations of traditional pen-testing techniques in cloud environments, the role of security scans, and the evaluation of security products and supply chains. Additionally, Radichel discusses the timing of penetration tests, the assessment of cloud compromise risks, and the comparison between bug bounties and penetration testing. The content also touches on the author's credentials, including her certifications and awards, and provides options for readers to engage with her work, such as signing up for her email list, following her on social media, or hiring her for security assessments and consulting.

Opinions

Teri Radichel advocates for a nuanced approach to security testing, emphasizing the need for effective methods beyond traditional penetration tests.
She suggests that the timing of penetration tests is crucial and provides advice on when it is most beneficial to conduct them.
Radichel points out that some common penetration testing techniques are ineffective in cloud environments like AWS.
She stresses the importance of assessing security products and supply chains thoroughly, including evaluating the people behind these products.
The author highlights the value of bug bounties as a complementary approach to penetration testing, each with its pros and cons.
Radichel cautions against a false sense of security that may arise from incomplete security scans and emphasizes the need for comprehensive coverage.
She encourages proactive recognition and reporting of potential security problems, citing the challenges people face in doing so.
Radichel's content suggests that continuous learning and adaptation are essential in the field of cybersecurity, as evidenced by her own pursuit of advanced certifications like the SANS GSE.

About Teri Radichel: ~~~~~~~~~~~~~~~~~~~~ ⭐️ Author: Cybersecurity Books ⭐️ Presentations: Presentations by Teri Radichel ⭐️ Recognition: SANS Award, AWS Security Hero, IANS Faculty ⭐️ Certifications: SANS ~ GSE 240 ⭐️ Education: BA Business, Master of Software Engineering, Master of Infosec ⭐️ Company: Penetration Tests, Assessments, Phone Consulting ~ 2nd Sight Lab

Need Help With Cybersecurity, Cloud, or Application Security? ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 🔒 Request a penetration test or security assessment 🔒 Schedule a consulting call 🔒 Cybersecurity Speaker for Presentation

Follow for more stories like this: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ❤️ Sign Up my Medium Email List ❤️ Twitter: @teriradichel ❤️ LinkedIn: https://www.linkedin.com/in/teriradichel ❤️ Mastodon: @teriradichel@infosec.exchange ❤️ Facebook: 2nd Sight Lab ❤️ YouTube: @2ndsightlab

Pentesting and Bug Bounties

Stories about penetration testing, cloud pentesting, security testing, and cloud security assessments by Teri Radichel

I’m a Hacker

What does that mean anyway?

pentesting. Pentesting. PENTESTING.

New year’s resolutions

Testing your cybersecurity

Penetration tests, assessments, audits, and bug bounties

Effective security testing

Selecting a partner for penetration testing, assessments, or audits and initiating a test.

Getting value from security testing

What did you do with that penetration test, audit, assessment, or bug bounty report?

Real World Cloud Compromise

Sample Findings from 2nd Sight Lab Penetration Tests

Best time to get (and NOT get) a penetration test

As I’m wrapping on an AWS cloud and application penetration test…

Why one of your favorite pen testing techniques doesn’t work on AWS

One of the first techniques I learned for penetration testing was something called Arp Cache Poisoning…

A C2 Channel on WordPress to Access AWS IAM Role Credentials

ACM.8 Your applications are the gateway to your cloud

Testing your cybersecurity

Penetration tests, assessments, audits, and bug bounties

Better testing for better outcomes

Infrastructure, disaster recovery, product, and penetration testing

Mapping Network Attack Paths

Leveraging cloud APIs to identify network risks

The Unrequested Penetration Test

Vigilante security researchers or attackers may give you a penetration test whether you wanted one or not.

Security Product Evaluations

Which product will solve my security problem?

Security Product Assessments

ACM.147 Posts by Teri Radichel on security assessments for security products, vendors and supply chains

Assessing Supply Chains ~ The People

When assessing potential products include a review of executives, technical staff, investors, and board of directors

Cybersecurity Assessments & Projects

How to get help with your your next cybersecurity initiative

Bug Bounties Versus Penetration Testing

Pros and Cons of different types of cybersecurity testing services

False Sense of Security

Are your security scans getting the coverage you need?

Fixing cybersecurity findings that disrupt your business

Like finally fixing the cracking beam in a 100+ year old house where I work

Before You Open the Cloud Account

Multicloud.3 Assessing your vendors for security gaps and risks

Best time to get (and NOT get) a penetration test

undefined

Do you recognize a potential security problem when you see one?

How long it takes to report a problem and why people give up

LLDP on Ubiquiti UDM Pro Causing Network Glitches?

Random issues with network cutting out and attacks on LLDP

Your Website Got an F in Security

Let’s look at that F and what it actually means — when it matters and when it does not

Different Types of Man-In-The-Middle Attacks

ACM.297 Different points of MITM attack and how they can affect victims and websites

Configuring SSH to Protect Against the Terrapin Attack on AWS EC2 Amazon Linux Instances

Patch OpenSSH — AND — Disallow insecure connections by removing them from your configuration

The SANS GSE

What’s it like to take one of the hardest cybersecurity certifications in the industry — and pass!