Blog

Security Insights

Deep dives, expert analysis, and practical guidance on exposure management, adversarial validation, and the future of AI-driven exposure management.

OWASP

Understanding the OWASP Top 10 Application Vulnerabilities

The OWASP Top 10 is a globally recognized guide to the most critical web application security risks. Compiled by industry experts, it highlights vulnerabilities like broken access control, cryptographic failures, and injection attacks, issues that put sensitive data and business operations at risk.

Aug 13, 202419 min

Penetration Testing

Automated vs Manual Penetration Testing: Which One Do You Need?

Automated testing is fast and broad; manual testing is deep and creative. Here is how they differ, the bugs only humans catch, and why the best programs blend both.

Aug 13, 20245 min

Offensive Security

Securing from Active Directory Attacks

Active Directory (AD) lies at the heart of your organization's Windows network, silently orchestrating user access, authentication, and security. But do you truly understand its workings and the potential risks posed by active directory attacks? This blog peels back the layers of AD, revealing its c

Aug 6, 20248 min

CASM

How Strobes Uses CASM Security to Uncover Hidden Cloud Risks

The cloud has revolutionized how businesses operate, offering unprecedented agility and scalability. However, this rapid adoption has also introduced a new wave of security challenges. CASM Security plays a crucial role in addressing these risks. A recent Checkpoint cloud security report underscores

Aug 5, 20249 min

Data Breaches

Data Breaches for the Month July 2024

Every month, we witness a significant rise in data breaches, underscoring the increasing importance of robust cybersecurity measures. At Strobes, we meticulously track these security events to provide comprehensive insights and analyses. In this blog, we focus on the key breaches of July 2024, offer

Jul 31, 20244 min

CVEVulnerability Management

Top CVEs of July 2024: Key Vulnerabilities and Mitigations

July 2024 has surfaced a series of significant vulnerabilities that could compromise the security of many organizations. From Bamboo Data Center flaws to critical issues in ServiceNow, these vulnerabilities present serious risks. This blog explores the top five CVEs of the month, providing detailed

Jul 31, 20246 min

Penetration TestingVulnerability Scanning

Penetration Testing vs Vulnerability Scanning: Key Differences

A vulnerability scan tells you what might be wrong; a penetration test proves what an attacker can actually exploit. Here is the difference, shown side by side on the same finding.

Jul 29, 20245 min

Penetration Testing

How much does a penetration test cost?

Curious about how much penetration testing costs? You understand its importance, but budgeting for different pentests can be a challenge. This blog post will guide you through the intricacies of penetration testing pricing, helping you make informed decisions for your organisation. We'll explore var

Jul 17, 202425 min

Vulnerability Management

Vulnerability Management Lifecycle: The Ultimate Guide to Business Security

63% of organizations faced cyberattacks due to unpatched vulnerabilities, yet leading companies stay ahead with a strong Vulnerability Management Lifecycle (VML). This structured process helps identify, prioritize, and remediate risks across IT assets, reducing exposure and strengthening resilience.

Jul 16, 202427 min

Penetration Testing

Black Box vs White Box vs Gray Box Penetration Testing

Black box, white box, and gray box describe how much a tester knows before they start. Here is how each changes coverage, cost, and realism, with the bugs each one quietly misses.

Jul 14, 20246 min

Vulnerability Management

CVSS Score: A Comprehensive Guide to Vulnerability Scoring

What is a CVSS score? Understanding the Why: The Need for CVSS 4 CVSS Metrics CVSS Base Metrics CVSS Temporal Metrics CVSS Environmental Metrics Is the CVSS score enough for vulnerability management? What to Use Alongside CVSS Scores? Take your Vulnerability Management to the Next Level What is a CV

Jul 4, 202413 min

CVE

OpenSSH regreSSHion (CVE-2024-6387): A Blast from the Past with Critical Repercussions

OpenSSH, a crucial tool in secure communications, has recently been impacted by a critical vulnerability identified as CVE-2024-6387, also known as "regreSSHion." This blog will provide an overview of the vulnerability, its exploitation methods, and strategies for mitigation. OpenSSH (Open Secure Sh

Jul 2, 20246 min