I wrote another guest post for Critical Informatics on the top 10 recommendations we end up giving new clients. These are common vulnerabilities that are not obvious for non-security focused teams. If you’ve never had a pentest, check this out before your engagement for some “low hanging fruit” to remediate.