My thoughts about Pentest vs Bug Bounty debate

I have been in the pentesting and appsec business for a while. For the last 10 years, I have been more or less involved in security assessments of various kinds. I started as a junior security engineer in a large international firm, where I did my share of scanning and...

On the usefulness of Penetration Testing methodologies

https://xkcd.com/927/

Let’s imagine for a moment how the “bad guys” are planning their attacks. In the dark basement with cyber-punk posters covering the graffiti on the walls, with a bunch of half-assembled...

Using NMap XML output

It is widely known that NMap is the most underestimated penetration testing tool out there, so in case you don’t use its XML output to the full extent (as I did just a month ago), this post is for you. There is a whole section in NMap help dedicated to output formats....