SecureState Blog

Read SecureState's award winning blog.

Introduction to the Defensive Readiness Program (DRP)

Every year, SecureState performs hundreds of penetration tests, providing our clients with critical insight into their respective security postures and exposure to risk.  Over the last few years, our Attack & Defense Team has witnessed an increasing number of compromises resulting from a common set of attack vectors.  A thorough analysis of this collected data has yielded SecureState’s Top 5 Attack Vectors list:

- Weak Passwords

- Web Management Console

- SQL Injection (SQLi)

- Missing Patches / Updated

- Other – [Social Engineering (Phishing), System Misconfiguration, Ect.]

Low hanging fruit - methods of compromise

A solid understanding of these vectors allows an organization to properly implement appropriate defensive measures to defend against these types of attacks.  Within the penetration test report, our Attack & Defense Team not only provides long term strategic recommendations, but also short term tactical recommendations as well.  In our experience, it is rare for an organization to implement the changes, either within the environment or in the security program; as a result, the organization’s security posture decreases while exposure to risk increases.

What value does a penetration test provide an organization if the same attack vectors are found year after year?

Having this valuable data in hand, SecureState strongly encourages organizations to apply the knowledge gained from the Top 5 Attack Vectors research into their defensive program.

How confident are you that our team would not gain access to your environment utilizing one of these attack vectors?

By considering these Top 5 Attack Vectors prior to having a penetration test conducted, an organization will not only increase their security posture as a whole, they will also substantially reduce their level of risk.  Having this knowledge beforehand allows an organization to strengthen their defenses. Also, it allows the penetration testers the ability to focus on the much more difficult, and often overlooked, areas of weakness by diving deeper into your environment.  As a result, the penetration test becomes not only a report with Strategic and Tactical goals, it becomes a window into truly understanding the real risks your organization faces.