
The Cyber Threat Perspective
Episode 128: The Most Common External Pen Test Findings—And How to Fix Them
Mar 21, 2025
The discussion highlights common security findings from external penetration tests, particularly concerning outdated web libraries and plugins like those in WordPress. The hosts review key tools for testing web applications, stressing the importance of manual validation. They delve into web vulnerabilities, emphasizing the impact of cross-site scripting and the necessity of strong security protocols. The conversation also covers how to secure identities in Microsoft 365 and the risks associated with exposing SSH and RDP servers to the internet.
34:57
Podcast summary created with Snipd AI
Quick takeaways
- Outdated web libraries and plugins, particularly in popular frameworks, are common vulnerabilities that require constant vigilance for updates and manual validation.
- TLS and SSL certificate issues, including expired or self-signed certificates, undermine user trust and must be addressed to maintain online credibility.
Deep dives
Common Pen Test Findings
Outdated web libraries, particularly JavaScript libraries and WordPress plugins, emerge as frequent issues in external penetration tests. These libraries can quickly become vulnerable, as attackers often target the most popular ones because of their widespread use. Tools like WPScan, Burp Suite, and Wappalyzer help identify these components and their versions, but manual validation is necessary to confirm that a reported vulnerability is actually present. Internally hosted websites and third-party hosted platforms often present additional management challenges, since ensuring that every component is kept up to date requires constant vigilance.
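The version fingerprinting that tools like WPScan and Wappalyzer perform on a page's script and stylesheet references, shown as an added example that is not from the podcast or any of those tools: it extracts versioned JavaScript libraries and WordPress plugin assets from constructed HTML and compares them against a hypothetical patch-policy baseline, producing a list that still needs manual validation before it is reported as a finding.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample page: one versioned JavaScript library from a CDN and two
# WordPress plugin assets whose "ver=" query parameter leaks the plugin version.
SAMPLE_HTML = """
<script src="https://cdn.example/jquery-1.12.4.min.js"></script>
<script src="/wp-content/plugins/contact-form-7/includes/js/index.js?ver=5.1.0"></script>
<link rel="stylesheet" href="/wp-content/plugins/woocommerce/assets/css/woocommerce.css?ver=8.9.1">
"""

# Hypothetical baseline: the minimum version the patch policy accepts for each
# component. In practice these come from vendor changelogs or a vuln database.
BASELINE = {"jquery": "3.5.0", "contact-form-7": "5.9.0", "woocommerce": "8.9.1"}

# "<name>-<x.y.z>[.min].js" style library file names (e.g. jquery-1.12.4.min.js)
JS_LIB_RE = re.compile(r"/([a-z0-9_.-]+?)-(\d+(?:\.\d+)+)(?:\.min)?\.js", re.I)
# WordPress plugin assets carrying the plugin version in the "ver" query parameter
WP_PLUGIN_RE = re.compile(
    r"/wp-content/plugins/([a-z0-9_-]+)/[^\"']*?\bver=(\d+(?:\.\d+)+)", re.I
)


def parse_version(v: str) -> Tuple[int, ...]:
    """Turn '1.12.4' into (1, 12, 4) so versions compare numerically, not as strings."""
    return tuple(int(part) for part in v.split("."))


def fingerprint(html: str) -> Dict[str, str]:
    """Return {component: observed version} for every versioned asset found."""
    found: Dict[str, str] = {}
    for name, ver in JS_LIB_RE.findall(html):
        found[name.lower()] = ver
    for name, ver in WP_PLUGIN_RE.findall(html):
        found[name.lower()] = ver
    return found


def outdated(found: Dict[str, str], baseline: Dict[str, str]) -> List[Tuple[str, str, str]]:
    """(component, observed, minimum) for each asset below baseline; each is a candidate
    finding only: confirm manually that the affected code path is actually reachable."""
    return [
        (name, ver, baseline[name])
        for name, ver in found.items()
        if name in baseline and parse_version(ver) < parse_version(baseline[name])
    ]


if __name__ == "__main__":
    for name, ver, minimum in outdated(fingerprint(SAMPLE_HTML), BASELINE):
        print(f"{name} {ver} is below baseline {minimum}: validate manually")
```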