The Schellman Blog

Stay up to date with the latest compliance news from the Schellman blog.

penetration testing

By: Cory Rey
March 2nd, 2023

The world of information security is ever-evolving as further innovation and development continue to drive the market forward. Web applications are no exception, but as they grow more complex with the addition of new features and supporting technology, so do their attack surfaces. Sometimes, it can feel like the latest risk to your web application is seemingly around the corner, and really, that might be true—it’s become more important than ever to maintain a good security posture.

penetration testing | SchellmanLife

By: JOSH TOMKIEL
December 21st, 2022

There’s a Latin proverb that says, “if the wind will not serve, take to the oars.” If you’ve ever hunted for a (new) job, you likely can relate. Of course, every workplace has its idiosyncrasies, but you need to find the “wind” that serves you best.

penetration testing | SchellmanLife

By: JOSH TOMKIEL
December 6th, 2022

When you’re applying for a new job, you have your reasons—whether it’s to find a new challenge or to escape a toxic workplace, you want to trust that somewhere else will be better for you and your career. But when you’re sending off applications, it’s hard to know what you might be getting yourself into—most times, you won’t know until you’ve signed your new employment contract and are in (a new set) of weeds.

penetration testing

By: Cory Rey
November 16th, 2022

When conducting a web application penetration test, cross-site scripting (XSS) is one of the most common vulnerabilities identified by testers—it stems from an application’s lack of sanitization when certain characters are rendered from user-controlled input. 

penetration testing

By: Clint Mueller
October 27th, 2022

If you’ve ever created payloads for different pen testing or red team projects, you might have run into the problem that comes after bypassing antivirus/endpoint detection and response (AV/EDRs)—after successfully circumventing these, the code and techniques used only work for a few weeks or months before getting flagged as malicious.

penetration testing

By: Rene Guerra
October 4th, 2022

If you’re running a business online, you’re likely providing an application program interface (API) on your website that allows your customers or business partners to enter and retrieve data. At Schellman, we primarily see REST-based APIs, but we’ve also tested GraphQL and occasionally SOAP.

penetration testing

By: JOSH TOMKIEL
September 13th, 2022

So, you’re investing in cybersecurity and are having a web application penetration test performed. No matter your reasons for doing so—whether you’re satisfying compliance requirements, a customer request, internally assessing your flagship service offering or confirming security policies—this is a great step towards strengthening your defenses.

FedRAMP | penetration testing

By: JOSH TOMKIEL
August 18th, 2022

For the first time since 2017, the FedRAMP Project Management Office (PMO) has updated the Penetration Testing Guidance document.