-
Security testing an LLM application, beyond "try some prompt injection"
A practical scope for assessing applications built on large language models — the attack surface that isn't the model, plus where the OWASP LLM Top 10 actually applies.
-
PCI DSS v4.0.1 a year after the deadline: the requirements teams still struggle with
The future-dated PCI DSS v4 requirements became mandatory on 31 March 2025. A year on, the same handful of controls — payment page scripts, targeted risk analyses, MFA everywhere — keep showing up as gaps in assessments.
-
What a good penetration test actually looks like
A buyer's guide to penetration testing — how scoping, rules of engagement, methodology, and reporting separate a real assessment from an automated scan with a logo on it.