👋 Hi guys! Does anyone here use a tool that actually checks for things like MFA, password reset policies, SSO, data encryption policies programatically?
For example, if a vendor claims that they have MFA enabled for all of their accounts, I have no way to check their settings myself during the procurement process. I can ask them, but they can lie.
I know there are a few tools that are form builders & CRM's for the vendor risk analysis process, but I'm not aware of any tools that let me verify or monitor a vendors compliance myself.
If theres nothing automated like I'm describing, then what are you currently doing to fact check the claims made in these certs/reports (eg. ISO 27001, SOC II, etc)? submitted by /u/marksalpeter
[link] [comments]
http://dlvr.it/T1kSf5
Full width home advertisement
Blog Archive
-
▼
2024
(445)
-
▼
January
(55)
- Project Manager without technical experience? I wo...
- Clicker — HackTheBox Machine Simple Writeup by Kar...
- IT, IS, Cybersecurity and/or InfoSec Audit
- Your Life in the Crosshairs of Cybersecurity Threats!
- Is hacking getting boring
- 5.7 Lab: Weak isolation on dual-use endpoint | 2024
- Top cybersecurity stories for the week of 01-22-24...
- How do you do Detection-as-Code?
- The art of learning bug bounty.
- SQL Injection on PostgreSQL
- How do you actually find bugs? (My 2 year experience)
- Does anyone know of a 3rd party vendor risk *monit...
- Making My First 10K by Hacking Open Source Targets
- Pivoting to pentesting/red teaming
- Login DoS — That requires simply sending a lot of ...
- Technology Consultant - Obsolescence and Security
- 52% of IT leaders will adopt GenAI tools for cyber...
- Top cybersecurity stories for the week of 01-15-24...
- Hydra Tryhackme: Walkthrough/Writeup
- AI is making cyber criminals dangerous with tools ...
- question for the younger folks in the 'biz, about ...
- Security tools behind Okta?
- Web Security Academy — Business Logic Vulnerabilit...
- The problem with most file encryption tools. A cas...
- SMTP Server (JAMES SMTP Server 2.3.2)
- Despite A Rise in Cyber Attacks, Many Users Still ...
- Aussie Small Business Owners – Join Our New Cybers...
- 3.2 Lab: File path traversal, traversal sequences ...
- Common obstacles to exploiting path traversal vuln...
- Seeking Insights from UK Businesses Conducting Cyb...
- Windows Exploitation Learning Path in TryHackMe
- Few consumers adopt cybersecurity tools, despite p...
- A Beginner’s Guide to Bug Hunting: Your Passport t...
- How AI Tools Are Revolutionizing Cybersecurity in ...
- Automating the Detection of Malicious URLs
- Subdomain Bruteforce Tool
- New York State Plans to Give Some Cities Free Cybe...
- Blind boolean-based SQLi, by manipulating url
- How to build a DLP program from the ground up?
- Paid Subscriptions Resources which will be useful ...
- Week in review: 15 open-source cybersecurity tools...
- Massive Data Breach Unveiled by Orrick Law Firm, A...
- The Art of Shodan
- Cybersecurity posture for AI app: a viable busines...
- My first bugs in 2024
- Survey Surfaces Lack of Confidence in Existing Cyb...
- Adding mTLS to legacy tools?
- 2.6 Lab: Broken brute-force protection, IP block |...
- 15 open-source cybersecurity tools you'll wish you...
- Inventory of assets - what tooling do you use?
- My First Bug Bounty: Lessons Learned and Money Earned
- Cybersecurity Toolbox: 10 Essential Tools for Ever...
- From Disclosure to High Severity: Leveraging Dyte ...
- Penetration testing?
- Simple Subdomain Takeover
-
▼
January
(55)
Advertisement
LIVE CYBERTHREAT
Latest Trends
Contact Form
amcat question search
search Pentest tools
Total Pageviews
Search Blog
Copyright 2017, " Vpentest ". All rights Reserved.
| Designed by Colorlib
No comments:
Post a Comment