Article in "One Magazine"

Analyzing 1000 pentesting reports from the STAN Project

As the One Conference approaches, Bureau Veritas Cybersecurity's cybersecurity experts Willem Westerhof and Paul Pols have shared their insights from Bureau Veritas Cybersecurity's STAN project on penetration testing. Their article has now been published in One Magazine.

Top 3 Vulnerabilities

Organizations are increasingly using penetration testing to bolster their cybersecurity. Pentesting reveals vulnerabilities, showing how attackers typically penetrate networks, escalate privileges, and move laterally to achieve different objectives, from ransomware to espionage. Can a statistical analysis of pentesting reports offer deeper insights for cyber defense?

Bureau Veritas Cybersecurity's STAN project seeks to answer this, analyzing over 1000 pentesting reports from 2021-2022, with more than 20 000 findings. Drawing from the insights of the STAN project, this article highlights the most commonly identified vulnerabilities through pentesting that enable cyber-attacks. The authors focus on the top three vulnerabilities in three key cyber defense domains: external infrastructure, web applications and internal networks.

Read the full article in One Magazine

About the authors

Willem Westerhof

Willem Westerhof is renowned for his in-depth IoT security research and as the discoverer of the Horus Scenario. Sought by the Dutch Government for his expertise, he frequently speaks on platforms from SHA2017 to One Conference 2019. With 35+ CVEs to his name, Willem's impact on the cybersecurity landscape is undeniable.

Paul Pols

With master’s degrees in law, ethics, and cybersecurity, Paul is a distinguished ethical hacker. Formerly the technical advisor to the Investigatory Powers Commission for the security and intelligence services, he developed the Unified Kill Chain, teaches at the University of Leiden, and leads Ransomware Resilience at Bureau Veritas Cybersecurity.

ABOUT SECURA

Bureau Veritas Cybersecurity is a leading cybersecurity expert. Our customers range from government and healthcare to finance and industry worldwide. Bureau Veritas Cybersecurity offers technical services, such as vulnerability assessments, penetration testing and red teaming. We also provide certification for IoT and industrial environments, as well as audits, forensic services and awareness training. Our goal is to raise your cyber resilience.

Bureau Veritas Cybersecurity is a Bureau Veritas company. Bureau Veritas (BV) is a publicly listed company specialized in testing, inspection and certification. BV was founded in 1828, has over 80,000 employees and is active in 140 countries. Bureau Veritas Cybersecurity is the cornerstone of the cybersecurity strategy of Bureau Veritas.

Why choose Bureau Veritas Cybersecurity

Bureau Veritas Cybersecurity is your expert partner in cybersecurity. We help organizations identify risks, strengthen defenses and comply with cybersecurity standards and regulations. Our services cover people, processes and technology, ranging from awareness training and social engineering to security advice, compliance and penetration testing.

We operate across IT, OT and IoT environments, supporting both digital systems and connected products. With over 300 cybersecurity professionals worldwide, we combine deep technical expertise with a global presence. Bureau Veritas Cybersecurity is part of the Bureau Veritas Group, a global leader in testing, inspection and certification.