Article in "One Magazine"

Analyzing 1000 pentesting reports from the STAN Project

As the One Conference approaches, Secura's cybersecurity experts Willem Westerhof and Paul Pols have shared their insights from Secura's STAN project on penetration testing. Their article has now been published in One Magazine.

Top 3 Vulnerabilities

Organizations are increasingly using penetration testing to bolster their cybersecurity. Pentesting reveals vulnerabilities, showing how attackers typically penetrate networks, escalate privileges, and move laterally to achieve different objectives, from ransomware to espionage. Can a statistical analysis of pentesting reports offer deeper insights for cyber defense?

Secura's STAN project seeks to answer this, analyzing over 1000 pentesting reports from 2021-2022, with more than 20 000 findings. Drawing from the insights of the STAN project, this article highlights the most commonly identified vulnerabilities through pentesting that enable cyber-attacks. The authors focus on the top three vulnerabilities in three key cyber defense domains: external infrastructure, web applications and internal networks.

Read the full article in One Magazine

About the authors

Willem Westerhof

Willem Westerhof is renowned for his in-depth IoT security research and as the discoverer of the Horus Scenario. Sought by the Dutch Government for his expertise, he frequently speaks on platforms from SHA2017 to One Conference 2019. With 35+ CVEs to his name, Willem's impact on the cybersecurity landscape is undeniable.

Paul Pols

With master’s degrees in law, ethics, and cybersecurity, Paul is a distinguished ethical hacker. Formerly the technical advisor to the Investigatory Powers Commission for the security and intelligence services, he developed the Unified Kill Chain, teaches at the University of Leiden, and leads Ransomware Resilience at Secura.




Secura is a leading cybersecurity expert. Our customers range from government and healthcare to finance and industry worldwide. Secura offers technical services, such as vulnerability assessments, penetration testing and red teaming. We also provide certification for IoT and industrial environments, as well as audits, forensic services and awareness training. Our goal is to raise your cyber resilience.

Secura is a Bureau Veritas company. Bureau Veritas (BV) is a publicly listed company specialized in testing, inspection and certification. BV was founded in 1828, has over 80,000 employees and is active in 140 countries. Secura is the cornerstone of the cybersecurity strategy of Bureau Veritas.