blog·Thu, Jul 2, 03:26 PM·Confidence 90%high qualitypublic
Security Blog - Insights on Autonomous Security Testing with Agentic AI | CascoExpert insights on security testing, autonomous security testing, and agentic AI security. Learn from our security engineers about the latest in cybersecurity.
Why it matters: Company publishing — post cadence and depth hint at product velocity.
Open source ↗blog·Mon, May 11, 09:04 AM·Confidence 90%high qualitypublic
What to Share When Clients Ask for a Pentest Report?Even though clients intuitively ask for a pentest report, they are often not getting the right one. You are actually supposed to share the remediation report instead. This blog post explains why and what to share instead.
Why it matters: Company publishing — post cadence and depth hint at product velocity.
Open source ↗blog·Mon, May 11, 09:04 AM·Confidence 90%high qualitypublic
What to Pack for RSAC 2026Most security professionals pack for RSA like they're heading to Vegas in February. Wrong coast, wrong weather, wrong strategy. Here's everything you need to know.
Why it matters: Company publishing — post cadence and depth hint at product velocity.
Open source ↗blog·Mon, May 11, 09:04 AM·Confidence 90%high qualitypublic
Artifacts You Should Expect From a High-Quality PentestHigh-quality penetration test don't just stop with an initial report, they should include retesting, remediation reports, and actively discourage the practice of ingenuine "clean" reports.
Why it matters: Company publishing — post cadence and depth hint at product velocity.
Open source ↗blog·Mon, May 11, 09:04 AM·Confidence 90%high qualitypublic
Better together: Vouch Insurance and CascoGet 20% off your annual pentest and 5% off your insurance with Vouch Insurance and Casco.
Why it matters: Company publishing — post cadence and depth hint at product velocity.
Open source ↗blog·Mon, May 11, 09:04 AM·Confidence 90%high qualitypublic
Why "Clean" Pentest Reports are a Red FlagWhy a "clean" pentest report is a red flag and how to spot the good penetration tests from the bad ones.
Why it matters: Company publishing — post cadence and depth hint at product velocity.
Open source ↗blog·Mon, May 11, 09:04 AM·Confidence 90%high qualitypublic
Why You Need Account-Based Rate LimitsThe Importance of Rate Limiting.
Why it matters: Company publishing — post cadence and depth hint at product velocity.
Open source ↗blog·Mon, May 11, 09:04 AM·Confidence 90%high qualitypublic
The Blueprint of a North Korean Attack on Open-SourceJust in the last 7 days, we've seen LiteLLM and axios impacted by supply chain attacks. Recently, I was chatting with Bereket Engida, the creator of the popular JS auth library. He observed repeated attempts by a contributor to add malicious code directly via…
Why it matters: Company publishing — post cadence and depth hint at product velocity.
Open source ↗blog·Mon, May 11, 09:04 AM·Confidence 90%high qualitypublic
OWASP Top 10 2025: Navigating the New Security LandscapeThe release of the OWASP Top 10 2025 marks a pivotal moment for application security. While some classic vulnerabilities remain, the list reflects a world where software is increasingly complex and interconnected. For security teams, this means the goalposts…
Why it matters: Company publishing — post cadence and depth hint at product velocity.
Open source ↗blog·Mon, May 11, 09:04 AM·Confidence 90%high qualitypublic
Casco Becomes Gold Sponsor of OWASP AI Exchange to Advance AI SecurityCasco is proud to announce that we have become a Gold Sponsor of the OWASP AI Exchange to advance AI security practices globally.
Why it matters: Company publishing — post cadence and depth hint at product velocity.
Open source ↗blog·Mon, May 11, 09:04 AM·Confidence 90%high qualitypublic
Our Policy on "Clean" Pentest ReportsEffective April 12, 2026, Casco no longer issues "clean pentest reports". Here's what that means and how to verify report authenticity.
Why it matters: Company publishing — post cadence and depth hint at product velocity.
Open source ↗blog·Mon, May 11, 09:04 AM·Confidence 90%high qualitypublic
Understanding MCP Security: Tool PoisoningWhy unverified MCPs can be a major vulnerability
Why it matters: Company publishing — post cadence and depth hint at product velocity.
Open source ↗blog·Mon, May 11, 09:04 AM·Confidence 90%high qualitypublic
How We HireHow we hire at Casco. Our mission is to make all software effortlessly secure. We hire with a simple 3-step process.
Why it matters: Company publishing — post cadence and depth hint at product velocity.
Open source ↗blog·Mon, May 11, 09:04 AM·Confidence 90%high qualitypublic
How to Hack Ford.com for $130,000How we hacked Ford.com for $130,000. This is a story about a forgotten subdomain and a $130,000 domain purchase that could have led to a massive breach.
Why it matters: Company publishing — post cadence and depth hint at product velocity.
Open source ↗blog·Mon, May 11, 09:04 AM·Confidence 90%high qualitypublic
Vulnerability Disclosure: Database Takeover in ElectricSQLA SQL injection vulnerability in ElectricSQL's ORDER BY parameter gave attackers full database access. The ElectricSQL team fixed and deployed it in 2 hours.
Why it matters: Company publishing — post cadence and depth hint at product velocity.
Open source ↗blog·Mon, May 11, 09:04 AM·Confidence 90%high qualitypublic
The 5 Levels of Penetration TestingWhy many penetration test are not getting approved by clients and how to spot the good penetration tests from the bad ones.
Why it matters: Company publishing — post cadence and depth hint at product velocity.
Open source ↗blog·Mon, May 11, 09:04 AM·Confidence 90%high qualitypublic
CrewAI + CascoAnnouncing CrewAI as a customer of Casco.
Why it matters: Company publishing — post cadence and depth hint at product velocity.
Open source ↗blog·Mon, May 11, 09:04 AM·Confidence 90%high qualitypublic
Casco Achieves CREST Accreditation for Penetration TestingCasco is proud to announce that we have achieved CREST accreditation, meeting rigorous international standards for penetration testing excellence.
Why it matters: Company publishing — post cadence and depth hint at product velocity.
Open source ↗blog·Mon, May 11, 09:04 AM·Confidence 90%high qualitypublic
Building Self-Securing SoftwareHow to build self-securing software with autonomous security testing.
Why it matters: Company publishing — post cadence and depth hint at product velocity.
Open source ↗