The Schellman Blog

When conducting a web application penetration test, cross-site scripting (XSS) is one of the most common vulnerabilities identified by testers—it stems from an application’s lack of sanitization when certain characters are rendered from user-controlled input.

According to a recent ISO survey, ISO/IEC 20000-1:2018 (ISO 20000-1) saw a 50% increase in worldwide certificates year over year. But when you think about ISO certifications, you likely think of the incredibly popular ISO 27001 standard or the new AI management standard, ISO 42001—not ISO 20000-1. So, why has the standard seemingly, suddenly shot to more prominence?

Consider sugar and salt—both are “spices” of a kind, and since they’re both often in the form of fine white grain, they look similar as well. So similar in fact, you might mistakenly switch one in for the other, setting yourself up for quite the surprise at first bite.

It’s that time again. If you weren’t already aware from the campaign calls & emails, the televised debates, and the social media storm, the latest American election is upon us.

If you’re a parent, you’ve likely had the debate in the car with your young kids—they want to stop for McDonalds and you tell them, “we’ve got food at home.” From their perspective, they want what they want, but from yours, you understand you’ve already made an investment in perfectly good food at the grocery store, and you’re not about to spend any more money that you don’t have to.

Tampa-based Schellman, a leading provider of cybersecurity attestation and compliance services, announced today that President and CEO Avani Desai, has signed the CEO Action for Diversity & Inclusion™ commitment as part of the organization’s effort to increase diversity, equity, and inclusion in the workplace.

Did you know that we’ve just come to the end of National Cybersecurity Awareness Month?

If you’ve ever created payloads for different pen testing or red team projects, you might have run into the problem that comes after bypassing antivirus/endpoint detection and response (AV/EDRs)—after successfully circumventing these, the code and techniques used only works for a few weeks or months before getting flagged as malicious.