HIPAA Security Rule for dummies

HIPAA (Health Insurance Portability and Accountability Act) is a 1996 federal law that seeks to protect the medical information of patients. To achieve this, it lays down certain compliance requirements for covered entities. In the context of HIPAA, covered entities are organizations to which HIPAA applies. Under Title II of this act, the US … Continued

Firewall penetration testing explained

Firewalls form the first line of defense in your organization’s IT infrastructure. As a result, attackers are most likely to scan and exploit existing vulnerabilities. A firewall can be either software or hardware. It continuously inspects your organization’s incoming and outgoing traffic. Generally, firewalls have predetermined rules and policies to either grant or deny … Continued

Automated Penetration Testing: A myth or reality?

Automation is a buzzword in many industries these days. If you have been following the cybersecurity industry lately, automated penetration tests, security automation, AppSec automation, etc. are some of the terms that have seen massive popularity in the last 1-2 years. In this article, we explore whether automated penetration testing is a myth or reality. DAST … Continued

Web Application Security – Top 5 Challenges

For security teams, the number of controls they can implement to secure a web application in production is limited, while for attackers, there is no limit on the number of attack vectors they can exploit. Slowly, businesses are acknowledging the fact that antivirus software and spam filtering are not sufficient to protect their technical infrastructure from cyber attackers. To … Continued

Agile security testing for applications – the way forward?

Businesses are increasingly moving towards adopting DevOps in their development process so that the time-to-market (TTM) is reduced. With the second decade of this millennium coming to an end, the development lifecycle for any software development project cannot consist of static stages with teams working in their silos with minimum communication with each other. While at the same … Continued

Application Security SaaS – Pros and Cons

The number of vulnerabilities that have been discovered in recent years has been increasing exponentially. Attackers are now getting more sophisticated than ever, and they are focusing heavily on information that has tangible value. Organizations have been investing in terms of security and money, and this investment is bound to increase significantly in the years to come. … Continued

Cloud-based application security testing – Challenges

In the last article, we discussed the objectives and key facts of cloud-based application security testing. Apart from the general information security challenges that cloud services face on a daily basis, we will be discussing various challenges which act as major obstacles in the mass adoption of cloud-based security testing. Figure 1: Challenges. Challenge 1: Distributed Computing Risks. Cloud is often interpreted … Continued

What is cloud-based application security testing?

In the last decade, cloud computing has completely changed how IT services are delivered. Low maintenance costs and ease of setup have been two major factors leading to global adoption of cloud-based services, though security continues to be a hurdle. Cloud security testing has emerged as a new service model wherein security-as-a-service providers perform on-demand application security testing … Continued

Types of Application Security Testing

As we become more reliant on various applications to make our lives easier or make business processes efficient, the threats have certainly increased to the extent that not considering security during the development of an application may cause irreparable damage. To minimize the chances of an application being attacked as well as subsequent damages – reputational as well as financial, … Continued