The Schellman Blog

Stay up to date with the latest compliance news from the Schellman blog.

Penetration Testing

By: Mike Finkel
September 3rd, 2025

As a penetration tester, few things are more frustrating than firing up Burp Suite, configuring your proxy, and then watching Java applications completely ignore your interception attempts. While web browsers play nice with proxy certificates, Java applications seem determined to make your life difficult.

Penetration Testing

By: Josh Tomkiel
August 26th, 2025

After nearly a decade of leading penetration testing engagements and growing our team from one tester to 43 professionals, we've learned that the questions you ask during vendor selection can determine whether you'll receive genuine security value and a successful engagement, or just frustrating checkbox exercises.

Penetration Testing

By: Josh Tomkiel
June 24th, 2025

Anytime you're scrolling through cybersecurity news, you’re likely to come across another headline about a data breach featuring quotes from the latest targeted company explaining why their customers’ personal information is now floating around the dark web. And then that familiar knot in your stomach creeps in asking the same question: "Could this happen to us?"

FedRAMP | Penetration Testing

By: Tim Campbell
April 9th, 2025

It's been an exciting past few years for the Schellman penetration testing team. Throughout 2024, our team worked with over 150 clients to support their efforts in securing their businesses. As a lead assessor in the FedRAMP marketplace, Schellman prides itself on being able to assess our clients’ systems and helping to identify the vulnerabilities they may have.

Penetration Testing

By: Austin Bentley
March 26th, 2025

Your IoT devices sit on your clients’ networks. They may even sit there for years without the ability to obtain software updates. Your clients may even expose these devices directly to the Internet with no network firewall in place. All the same, your clients still expect these devices to always be available and secure. Before deploying these devices, your team should consider an IoT/hardware penetration test. However, before you begin this process, let’s discuss the uniqueness of this style of engagement, followed by traps to look out for when selecting a provider.

Penetration Testing

By: Austin Bentley
March 11th, 2025

In any information security program, mobile applications should be considered for inclusion in penetration tests. No matter the size of an application, it may serve as an avenue of attack against your environment or users and the threat potential of these applications is similar to that of web applications. In fact, some mobile apps are effectively web apps with a wrapper while others utilize a unique frontend, but with a backend web API.

Education | Penetration Testing

By: Francis Kim
March 3rd, 2025

What is the Offensive Security Certified Professional (OSCP) Certification? The Offensive Security Certified Professional certification, or OSCP, is an ethical hacking certification that demonstrates proficiency in penetration testing using Kali Linux tools. This test can be undeniably grueling if you are ill-prepared, with nearly 24 hours of hands-on keyboard hacking followed by another 24 hours of documentation/report writing.

Penetration Testing | Red Team Assessments

By: Austin Bentley
February 25th, 2025

You may feel confident that your organization has a mature cybersecurity program if you’re able to thwart the vast majority of threats through established practices and procedures. However, despite those efforts, even amongst the most secure of organizations there is still the ever-looming threat of the legendary Advanced Persistent Threat (APT). Furthermore and unfortunately, it’s difficult to ascertain if you’ve been compromised by one. Thankfully though, it is possible to simulate an external APT attempting to breach your organization’s perimeter through a red team exercise.
