For all your Internet services including Facebook, Twitter, LinkedIn, Google, Apple, Microsoft
It significantly improves security of your accounts
Do not use traditional SMS verification; it is not secure enough
Always prefer two-factor authentication (2FA)
Install Google Authenticator or Authy
Use secure password managers
Most people are not able to remember most of their passwords and passphrases
Using a secure password manager is always a better idea than writing your passwords in a text file or on paper
The most advanced and secure are Dashlane, LastPass and KeePass
Remember just one strong passphrase (and optionally enable 2FA)
What is a penetration test?
A method of evaluating the security of a computer system or network by simulating an attack by a malicious hacker
Involves an active analysis of the system for any weaknesses, technical flaws or vulnerabilities, and their exploitation
The OSSTMM methodology or the OWASP Testing Guide is used
Black box - a zero-knowledge attack - no relevant information about the target environment is provided, the most realistic external penetration test
White box - a full-knowledge attack - all the security information related to an environment and infrastructure is considered
Grey box - a partial-knowledge attack
Discovery - information about the target system is identified and documented (WHOIS service, public search engines, domain registrars, etc.).
Enumeration - using intrusive methods and techniques to gain more information about the target system (port scanning, fingerprinting).
Vulnerability mapping - mapping the findings from the enumeration to known and potential vulnerabilities.
Exploitation - attempting to gain access through vulnerabilities identified in the vulnerability-mapping phase. The goal is to gain user-level and privileged (administrator) access to the system (custom exploit scripts or exploit frameworks are used).
Standard Web Application Test
Reveal as many of the most critical security vulnerabilities in the web application/web server as possible within 3 days
Exploit them and gain privileged access if possible
Reveals the most serious vulnerabilities (SQL/LDAP injections, XSS/CSRF, buffer overflows, business logic flaws, authentication bypass, local file inclusions)
Provides a technical report with an executive summary, all revealed vulnerabilities, risk levels, and recommendations.
Due to manual inspection, the test is highly recommended when your automated security scanners have already failed.
Comprehensive Web Application Audit
The most comprehensive and deepest web application audit on the market