Web Application Security – Top 5 Challenges

For security teams, the number of controls they can implement to secure a web application in production is limited, while for attackers there is no limit on the number of attack vectors they can exploit. Slowly, businesses are acknowledging the fact that antivirus software and spam filtering are not sufficient to protect their technical infrastructure from cyber attackers. To … Continued

What is NIST Penetration Testing?

Introduction: NIST (National Institute for Science & Technology) is a US Department of Commerce agency. Under the Federal Information Security Management Act of 2002 (FISMA), it is responsible for developing standards and guidelines for information security, including the prescription of minimum requirements for US federal information systems. Generally, the guidance documents published by NIST are more … Continued

Phishing as a Service

Over the years, phishing attacks have become fairly sophisticated, and to counter them, many technology-based solutions have been developed to prevent such attacks. However, the only practical solution is to educate employees so that they do not end up clicking malicious links, filling in online forms, or unintentionally sharing confidential information about your business. Technological solutions such as … Continued

Penetration Testing for the Cloud – How it is different?

If you are working in the cyber security industry, you will be familiar with terms like application penetration testing, network penetration testing, etc. However, the growth of the cloud computing industry in the last 4-5 years has introduced a new name to the penetration testing list – cloud penetration testing. In a traditional pen test, … Continued

Penetration Testing at DevSecOps Speed

It is time to say goodbye to those times when security and privacy concerns used to be after-development activities or were ignored altogether. The intricacies of ever-evolving cyber space have made it an inherent responsibility for businesses across the world to incorporate security and privacy measures in their products and services. While businesses adapt to … Continued

Integrating OWASP ZAP in DevSecOps Pipeline

Security and innovation have often been in opposing positions when it comes to the development of new products and services. In a Rapid Application Development Cycle (DevSecOps), security teams often initiated DAST tools to locate vulnerabilities just before the launch of a new product or a new version of a previously launched product. This became non-scalable … Continued