
The Schellman Blog

Stay up to date with the latest compliance news from the Schellman blog.

Cybersecurity Assessments | Payment Card Assessments

By: JOE O'DONNELL
May 16th, 2023

One of the latest intriguing developments in the field of artificial intelligence (AI) is ChatGPT—a natural language chatbot that answers questions submitted by a human user. It’s taken off in such a way that many are using ChatGPT to assist in streamlining their writing needs, but how helpful is the bot, really?

Cybersecurity Assessments

By: Sully Perella
April 18th, 2023

In the legendary Lord of the Rings series, leaders from different societies create a fellowship of nine different people tasked with saving Middle-Earth. The idea wasn’t originally to send nine, and there were obvious reservations about trusting some of the Fellowship with such a serious mission. (Looking at you, Pippin.)

Cybersecurity Assessments

By: COLLIN VARNER
March 21st, 2023

Throughout history, warfare has evolved. The Romans did it one way, the Vikings did it another—Sun Tzu, Richard the Lionheart, and the Allied forces all had different tactics that forced opponents to adjust their defenses and strategies.

Cybersecurity Assessments | Compliance and Certification

By: Schellman
February 2nd, 2023

So you’ve committed to an audit. Your customers were asking, or maybe a new regulation came into effect that your organization is now subject to—whatever the reason was, you’ve got to get audited because your audit team is confirmed.

Cybersecurity Assessments

By: Rene Guerra
January 31st, 2023

When it comes to cybersecurity certifications, you have a lot of options, though the Certified Information Systems Security Professional (CISSP) stands out among them—it’s one of the most popular and recognized certifications in our industry, so much so that many companies require it as a prerequisite in their job postings or for promotion.

Cybersecurity Assessments | Penetration Testing

By: Loic Duros
December 14th, 2022

Once again, we need to talk about Burp. At Schellman, we’ve talked about this tool before—on our penetration testing team, we use it a lot and it serves us well, including in our work with mobile applications. But that doesn’t mean there still aren’t situations where extra effort is required in order to get the job done. Our fellow pen testers all know that things evolve so quickly in our field that sometimes we must improvise a new technique to properly solve the problems we run into.

Stop me if you’ve heard this one before, but one such issue that we are seeing crop up more and more during mobile penetration tests has to do with intercepting traffic from an application. Each time we watch some of that traffic escape our data flow, we’ve found each instance difficult and puzzling, because it’s not a static problem—when it comes to intercepting traffic from mobile applications, the issues can range from common to complex.

One of those trickier ones to troubleshoot as a tester is when you can see most of the general web traffic from the mobile device being tested as it goes to Burp, but you also see that none, or very little, of the traffic from the actual mobile app under test follows. When that happens, you probably also note that there are no TLS errors for the domain in scope in the Event log from the Burp dashboard, and that, at the same time, the app seems to be working well, performing requests and receiving data as expected—there’s no other problem, it’s just that some of that traffic has decided to shoot off to the Great Unknown rather than where you know it should be.

Does that sound familiar? If you’ve been frustrated by this same problem before, welcome to the club. This article will seek to understand why this even occurs in the first place before laying out a potential solution we worked up to curb any traffic trying to escape your proxy. Read on, and next time said traffic tries to get away from you, you’ll be ready.

Cybersecurity Assessments

By: BRYAN HARPER
November 22nd, 2022

These days, everyone understands how important it is to have health insurance. Many may even think of it as a safety net that will prevent the worst—after all, that’s what insurance is for, right?

Cybersecurity Assessments

By: Schellman
November 7th, 2022

It’s that time again. If you weren’t already aware from the campaign calls & emails, the televised debates, and the social media storm, the latest American election is upon us.
