Annual penetration testing v. continuous monitoring

Penetration tests have become an essential part of an organization’s security strategy, finding and fixing vulnerabilities before attackers exploit them. How often to test depends on factors such as regulatory requirements, risk assessment results, and available budget. Our clients often ask our experts about the right frequency for …

Penetration testing requirements for NIST SP 800-53

Year after year, security threats grow more complex and sophisticated. An enterprise cannot wait for attackers to exploit vulnerabilities in its systems; it needs proactive security measures to stay a step ahead of them. Penetration testing is one such exercise, and it seeks to test the effectiveness of enterprise systems. It …

Are free PCI ASV scans possible?

Requirement 11.2 of PCI DSS states that a covered entity should conduct quarterly external scans and rescans via an Approved Scanning Vendor (ASV). An ASV is a company qualified by the PCI SSC to conduct external vulnerability scanning services in line with PCI DSS Requirement 11.2.2. For a vendor to be designated as an ASV, PCI SSC’s ASV …

Who needs PCI ASV scans and why?

The Payment Card Industry Data Security Standard (PCI DSS) is a set of operational and technical requirements prescribed by the PCI Security Standards Council (PCI SSC). The standard applies to all entities that store, process, or transmit cardholder data. PCI SSC maintains the PCI DSS standard and oversees its enforcement. Over the years, PCI DSS has achieved the …

HIPAA Compliance for AWS-hosted SaaS

Amazon Web Services (AWS) is a leading cloud service provider. If you are a software-as-a-service (SaaS) provider, you may use one or more AWS services. If you work in the healthcare industry, or your clients are covered entities that process, maintain, and store protected health information (PHI), HIPAA compliance becomes a necessity …

PCI DSS compliance for your Azure-hosted SaaS

Cloud computing has brought a paradigm shift and transformed how organizations across the globe offer their services. Instead of setting up physical infrastructure, most organizations prefer moving to a cloud environment for on-demand access to resources. Cost-effectiveness and minimal management overhead further push SaaS providers to rely on cloud infrastructure rather than physical …

Cybersecurity checklist for SaaS applications

In the last few years, SaaS businesses have grown at a sky-high pace. Thanks to quick setup, scalability, easy upgrades, and low physical infrastructure requirements, SaaS products are becoming the first choice of businesses across the globe, irrespective of their size. BreachLock’s offerings include a SaaS platform, and if you are …

Penetration testing tools for automated security testing

There is a long-running debate about whether penetration testing should be automated or manual. Our experts say it must be a combination of both, and automated testing tools can be a valuable part of your security testing toolkit. Automated tools have obvious benefits, such as speed and a reduction in manual hours of work; their drawbacks …

Penetration testing and vulnerability scanning for GDPR

GDPR completed its second anniversary in May this year. In one of our earlier articles, we discussed how the NYDFS Cybersecurity Requirements for Financial Services Companies is a rare regulation that explicitly names penetration testing and vulnerability assessments. Unlike NYDFS, GDPR does not explicitly cover either of these, which leads to a lack of clarity. In …