Benjamin Franklin once said, “an investment in knowledge always pays the best interest.”

These days, Mac-based corporate environments can be likened to the Tooth Cave Spider.

(And Why I Did It) For those of you who work in web application security, maybe you’re familiar with Burp.

Make pen testing easier while delivering a better report to your client. For testers in the application security (AppSec) arena, you know that we examine a lot of different areas, including authentication, authorization, encryption, logging, and so on, making for what’s become a staple in this job—the large lists of technical checks that grow even longer every time new issues are discovered and then added for testing. If you’ve worked in AppSec, you know that these tests can make for quite the effort, depending on the complexity of the app you’re working in.

During a penetration test, the Schellman team often works with development teams, administrators, risk and compliance professionals and information security personnel; however, the initial point of contact for a penetration test may be an individual that isn’t any of those. More and more, someone from the product or procurement team may have the responsibility—or shared responsibility—of having a penetration test performed. While these individuals may understand a timeline for a specific task, they likely do not have full visibility into the entire project. Such circumstances, among others, can trigger one of the biggest challenges frequently seen in planning pen tests—timing.

Overview Offensive Security has released several new courses recently, including Evasion Techniques and Breaching Defenses (PEN-300), which primarily focuses on “penetration tests against mature organizations with an established security function.” After reading that overview on the website, I was excited to take on the challenge and expand my knowledge base in preparation for obtaining the OSEP certification.