Services
Services
SOC & Attestations
SOC & Attestations
Payment Card Assessments
Payment Card Assessments
ISO Certifications
ISO Certifications
Privacy Assessments
Privacy Assessments
Federal Assessments
Federal Assessments
Healthcare Assessments
Healthcare Assessments
Penetration Testing
Penetration Testing
Cybersecurity Assessments
Cybersecurity Assessments
Crypto and Digital Trust
Crypto and Digital Trust
Schellman Training
Schellman Training
ESG & Sustainability
ESG & Sustainability
Industry Solutions
Industry Solutions
Cloud Computing & Data Centers
Cloud Computing & Data Centers
Financial Services & Fintech
Financial Services & Fintech
Healthcare
Healthcare
Payment Card Processing
Payment Card Processing
US Government
US Government
Higher Education & Research Laboratories
Higher Education & Research Laboratories
About Us
About Us
Leadership Team
Leadership Team
Careers
Careers
Corporate Social Responsibility
Corporate Social Responsibility
Strategic Partnerships
Strategic Partnerships

Blog

The Schellman Blog

Stay up to date with the latest compliance news from the Schellman blog.

Cory Rey

Cory Rey is a Lead Penetration Tester with Schellman where he is primarily focused on performing penetration tests for leading cloud service providers. With expertise in Application Security, he frequently identifies vulnerabilities overlooked by organizations. Prior to joining Schellman, Cory worked as a System Administrator specializing in Linux based Web Hosting environments.

Blog Feature

Penetration Testing

By: Cory Rey
March 2nd, 2023

The world of information security is ever-evolving as further innovation and development continue to drive the market forward. Web applications are no exception, but as they grow more complex with the addition of new features and supporting technology, so do their attack surfaces. Sometimes, it can feel like the latest risk to your web application is seemingly around the corner, and really, that might be true—it’s become more important than ever to maintain a good security posture.

Blog Feature

Penetration Testing

By: Cory Rey
November 16th, 2022

When conducting a web application penetration test, cross-site scripting (XSS) is one of the most common vulnerabilities identified by testers—it stems from an application’s lack of sanitization when certain characters are rendered from user-controlled input.

Blog Feature

Penetration Testing

By: Cory Rey
February 11th, 2022

Benjamin Franklin once said, “an investment in knowledge always pays the best interest.”

Blog Feature

Cybersecurity Assessments | Penetration Testing

By: Cory Rey
January 14th, 2020

The Importance of the DMARC Record - Protecting Your Domain Against Spoofing Attacks These days, it has never been easier to establish an online presence, and having your own domain is a key component of that. However, with great domain ownership comes great responsibility, as do the problems that can follow your presence. As such, when managing individual DNS records, all users should stay up to date on the latest trends with regards to safeguarding their domain’s reputation, as well as all the persistent problems that come with online communication. Spoofing is one of those age-old issues when using e-mail as a contact protocol, and when it comes to spoofing protection, Sender Policy Framework (SPF) and Domain Keys Identified Mail (DKIM) are usually identified as a consistent “best practice” standard. However, they themselves are not enough to prevent modern spoofing techniques, even if both of these DNS records are both useful in their own way.

{