The Cyber Threat Perspective

Episode 45: Our Most Common External Pen Test Findings

Jun 14, 2023
Tyler and Brad delve into the most frequent vulnerabilities found during external penetration tests. They unpack user enumeration issues on law firm websites and the risks of exposing personal information. The conversation shifts to cross-site scripting vulnerabilities, stressing the dangers of outdated web libraries. They also analyze security flaws in WordPress and the critical need for patch management. Finally, they highlight how implementing DMARC records can significantly bolster email security against attacks and domain misuse.
21:08
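The DMARC point at the end of the episode summary above, as an added example that is not from the podcast or from Snipd: a small checker that parses a `_dmarc` TXT record and reports the settings a pen tester flags (no record at all, `p=none`, a partial `pct=`, subdomains exempted via `sp=none`, no `rua=` reporting address). The records and the `example-law.test` domain are constructed for this example.

```python
# DMARC policy check: parse a _dmarc TXT record and report weak settings.
# The records below are constructed for this example; the domain is assumed.

STRONG_RECORD = ("v=DMARC1; p=reject; sp=reject; pct=100; "
                 "rua=mailto:dmarc@example-law.test; adkim=s; aspf=s")
WEAK_RECORD = "v=DMARC1; p=none; rua=mailto:dmarc@example-law.test"
PARTIAL_RECORD = "v=DMARC1; p=quarantine; pct=50; sp=none"
NOT_DMARC = "v=spf1 include:_spf.example.test -all"   # an SPF record, not DMARC


def parse_dmarc(txt):
    """Split a TXT record into a tag dict; None if it is not a DMARC1 record."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v", "").upper() != "DMARC1":
        return None
    return tags


def assess_dmarc(txt):
    """Return a list of findings; an empty list means an enforcing, fully applied policy."""
    tags = parse_dmarc(txt) if txt else None
    if tags is None:
        return ["no DMARC record: receivers have no policy for mail spoofing this domain"]
    policy = tags.get("p", "").lower()
    if policy not in ("none", "quarantine", "reject"):
        return ["missing or invalid p= tag: record is not a valid DMARC policy"]
    findings = []
    if policy == "none":
        findings.append("p=none: monitoring only, spoofed mail is still delivered")
    elif policy == "quarantine":
        findings.append("p=quarantine: failing mail is junked rather than rejected")
    pct = tags.get("pct", "100")
    if not pct.isdigit() or int(pct) < 100:
        findings.append(f"pct={pct}: policy applied to only part of the mail stream")
    # sp= defaults to the organizational policy when absent.
    sub_policy = tags.get("sp", policy).lower()
    if sub_policy == "none" and policy != "none":
        findings.append("sp=none: subdomains are exempt from the enforcing policy")
    if "rua" not in tags:
        findings.append("no rua= address: aggregate reports are not collected")
    return findings


if __name__ == "__main__":
    for label, record in [("strong", STRONG_RECORD), ("weak", WEAK_RECORD),
                          ("partial", PARTIAL_RECORD), ("spf-only", NOT_DMARC)]:
        print(label, "->", assess_dmarc(record) or ["OK: enforcing policy"])
```

Against a real domain the record comes from a DNS TXT lookup of `_dmarc.<domain>` (for example `dig +short TXT _dmarc.example.com`) and is fed to `assess_dmarc` as-is. One caveat before moving straight to `p=reject`: DMARC only passes mail whose SPF or DKIM result is aligned with the From domain, so an enforcing policy published before all legitimate senders are aligned will bounce the organization's own mail; the usual path is `p=none` with `rua=` reporting, then `quarantine`, then `reject`.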

Podcast summary created with Snipd AI

Quick takeaways

  • User enumeration and the gathering of personal data from public sources significantly increase the risk of tailored cyber attacks; law firms that publish their attorneys' email addresses are the episode's example.
  • Despite being a longstanding issue, cross-site scripting remains prevalent in web applications, often exacerbated by poor patch and vulnerability management practices.

Deep dives

Common External Pen Test Findings

User enumeration is frequently encountered during external penetration tests, particularly at law firms that publicly list their lawyers' email addresses. Those addresses can be harvested directly from the site's HTML, and together they hand an attacker a ready list of valid accounts and reveal the firm's username convention, so the addresses of staff who are not listed can be guessed as well and used in phishing and credential attacks. Personal information about individuals gathered from other public sources adds to the problem, because such details often serve as answers to the security questions used elsewhere online. Many organizations underestimate the risk of publicly available information, which lets malicious actors craft far more convincing attacks.
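The harvesting step described above, as an added example that is not code from the podcast or from Snipd: it pulls every address out of a page (mailto: links, visible text and HTML comments), matches the local parts against the names listed on the same page to infer the username convention, and then predicts the address of someone who is not listed. The sample page, the people on it and the `example-law.test` domain are constructed for this example; a defender can run the same script against their own site to see exactly what is exposed.

```python
import re
from collections import Counter
from html.parser import HTMLParser

# Constructed sample: a made-up "Our Attorneys" page for a fictional firm.
# example-law.test and the people on it are assumptions for this example.
SAMPLE_HTML = """
<html><body>
<h2>Our Attorneys</h2>
<ul>
  <li>Jane Doe &ndash; <a href="mailto:jdoe@example-law.test">jdoe@example-law.test</a></li>
  <li>Richard Roe &ndash; <a href="mailto:rroe@example-law.test?subject=Consultation">Email</a></li>
  <li>Mary Major &ndash; contact: mmajor@example-law.test</li>
  <li>Reception &ndash; <a href="mailto:info@example-law.test">info@example-law.test</a></li>
</ul>
<!-- site contact: admin@example-law.test -->
</body></html>
"""
SAMPLE_PEOPLE = [("Jane", "Doe"), ("Richard", "Roe"), ("Mary", "Major")]

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")


class EmailExtractor(HTMLParser):
    """Collect addresses from mailto: links, visible text and HTML comments."""

    def __init__(self):
        super().__init__()
        self.found = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name == "href" and value and value.lower().startswith("mailto:"):
                # Drop ?subject=... and similar header fields before matching.
                target = value[len("mailto:"):].split("?", 1)[0]
                self.found.extend(EMAIL_RE.findall(target))

    def handle_data(self, data):
        self.found.extend(EMAIL_RE.findall(data))

    def handle_comment(self, data):
        self.found.extend(EMAIL_RE.findall(data))


def harvest_emails(html):
    """Return the unique, lower-cased addresses present anywhere in the page."""
    parser = EmailExtractor()
    parser.feed(html)
    parser.close()
    return sorted({addr.lower() for addr in parser.found})


# Candidate local-part conventions to test the harvested addresses against.
FORMATS = {
    "first.last": lambda fn, ln: f"{fn}.{ln}",
    "flast": lambda fn, ln: f"{fn[0]}{ln}",
    "firstl": lambda fn, ln: f"{fn}{ln[0]}",
    "first_last": lambda fn, ln: f"{fn}_{ln}",
    "firstlast": lambda fn, ln: f"{fn}{ln}",
    "last.first": lambda fn, ln: f"{ln}.{fn}",
}


def infer_username_format(emails, people):
    """Match harvested local parts against the names read off the page.

    Returns (format_name, number_of_people_matching), or (None, 0)."""
    local_parts = {addr.split("@", 1)[0] for addr in emails}
    hits = Counter()
    for first, last in people:
        fn, ln = first.lower(), last.lower()
        for name, build in FORMATS.items():
            if build(fn, ln) in local_parts:
                hits[name] += 1
    if not hits:
        return None, 0
    return hits.most_common(1)[0]


def predict_address(fmt, first, last, domain):
    """Guess the address of someone not listed, using the inferred convention."""
    return f"{FORMATS[fmt](first.lower(), last.lower())}@{domain}"


if __name__ == "__main__":
    emails = harvest_emails(SAMPLE_HTML)
    fmt, n = infer_username_format(emails, SAMPLE_PEOPLE)
    print("harvested:", emails)
    print(f"username format: {fmt} ({n} of {len(SAMPLE_PEOPLE)} listed people match)")
    # "Sam Smith" is assumed to work at the firm but is not on the page.
    print("predicted:", predict_address(fmt, "Sam", "Smith", "example-law.test"))
```

The point the inferred convention makes is the one the episode makes: once three addresses show the `flast` pattern, every employee the attacker can name from a staff directory or social media has a usable address, whether or not the site lists them. Role accounts such as `info@` and `admin@` are harvested too and are worth noting separately, since they are rarely covered by per-user security training.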
