We are going to say something unusual for a security company: “Your next penetration test might not need us”. If an assessment scope fits the narrow circumstances in which AI‑powered tools operate, current tools deliver fast and affordable vulnerability discovery. We track them closely, we respect what they do, and in...Read more...

Most organizations we speak to treat the pre-TLPT period as a waiting room.
They know a TLPT is coming. They know roughly when. And they assume that when the time comes, they will bring in the right party, run the test, and handle whatever comes out of it. That is not the best plan.
Here is what actually happens to...Read more...

Most financial institutions that fall under DORA will need to conduct their first Threat-Led Penetration Test within the next few years.
Most of them are not ready.
Not because they lack security, many have solid defenses in place. But because a TLPT is not a test you pass by having good security. It is a test you...Read more...

Over the past few weeks, there has been a great deal of attention on the MIAUW framework. We recently published a blog about this. Previously, we also wrote a similar article about the CCV Pentesting Quality Mark(Dutch only). These frameworks provide structure and guidance for clients and suppliers alike, and are...Read more...

The Dutch central government has announced its intention to conclude a framework agreement for penetration testing around mid‑2026. The tender and the resulting framework agreement will be based on the MIAUW methodology. According to ICT Magazine, the MIAUW methodology is intended to put an end to the “magic and...Read more...