Conduct manual penetration testing on application to achive complience
For security teams, the number of controls they can implement to secure a web application in production is limited while for the attackers, there is no limit on the number of attack vectors they can exploit. Slowly, businesses are acknowledging the fact that antivirus software and spam filtering are not sufficient to protect their technical infrastructure from cyber attackers. To … Continued
Introduction NIST (National Institute for Science & Technology) is a US Department of Commerce agency. Under the Federal Information Security Management Act of 2002 (FISMA), it is responsible for developing standards and guidelines for information security, including the prescription of minimum requirements for US federal information systems. Generally, the guidance documents published by NIST are more … Continued
Over the years, phishing attacks have become fairly sophisticated, and to counter them, many technology-based solutions have been developed to prevent such attacks. However, the only practical solution is to educate employees so that they do not end up on clicking malicious links, filling online forms, or unintentionally sharing confidential information about your business. Technological solutions such as … Continued
If you are working in the cyber security industry, you will be familiar with terms like application penetration testing, network penetration testing, etc. However, the growth of the cloud computing industry in the last 4-5 Years has introduced a new name to the penetration testing list – cloud penetration testing. In a traditional pen test, … Continued
It is time to say goodbye to those times when security and privacy concerns used to be after-development activities or were ignored altogether. The intricacies of ever-evolving cyber space have made it an inherent responsibility for businesses across the world to incorporate security and privacy measures in their products and services. While businesses adapt to … Continued
Security and innovations have often been at contrast positions when it comes to the development of new products and services. In a Rapid Application Development Cycle (DevSecOps), security teams often initiated DAST tools to locate vulnerabilities just before the launch of a new product or a new version of the previously-launched product. This became non-scalable … Continued