Oppenheimer vs Hinton? - Digital Threat Digest

You’ve heard of IP Addresses, you might even know what they are, but if you need to get a penetration test for your website or web application, why is your cyber security consultant asking about these as well?
When it comes to penetration testing your web applications, it’s important to include your public IP addresses in the scope and here’s why.
Web applications don’t exist in isolation. Their data is on a server (or servers) and so they rely on the server’s infrastructure and configuration to function. If that server is compromised, so is the web application, and that means all your data is vulnerable.
An IP Address is a unique series of numbers that identifies a device (in this case, the servers which host your web application) on a network. It is your identifier which allows information to be sent between devices.
Think about it like this: your device or server is like a house, and the public IP address is the address someone can write on a letter so that it can be delivered to your house. Essentially, without IP Addresses, we wouldn’t have the internet we know today because it wouldn’t be possible to send and receive information.
If a server using a public IP address isn’t secure, a malicious actor can trace your online activity. They can use malware or other attacks to gain access to your server and all the data it holds. Here are some of the vulnerabilities we’ve come across in penetration tests:
Overall, a weakness in the configuration of your server which is using a public IP address could lead to data breaches, malware distribution, data manipulation, and loss of business and customer trust.
Sometimes servers don’t belong to the organisations that own or manage a web application; they may be hosting it with a third-party, meaning that they have to get permission from the owners of the server for a penetration test. If permission is denied there is often a process where the third party can show you that the server is secure, and you can be reassured that your data is safe.
One of the most common attack vectors which will be exploited by a threat actor is cyber security weaknesses within third parties and the supply chain. Here are some ways you can mitigate those risks when penetration testing is not available:
If you have any questions about Web Application Penetration Testing and/or public IP address, or you would like to learn more about our other Penetration Testing services, please get in touch with us.
Over the years, we have developed a range of content with the aim of educating organisations on cyber security threats and helping them defend their assets and reputation, so for us every month is Cyber Security Awareness Month.
On 26 September, Semafor published a lengthy article written by Jay Solomon claiming that a series of Iranian-American analysts and advisors to the Biden administration had been compromised as part of a long-running Iranian influence operation.
These days, there seems to be a variety of digital technologies on the horizon that are poised to disrupt the way we live our everyday lives.