Conduct manual penetration testing on application to achive complience
Our clients often ask whether they should go for automated or manual penetration testing. The ideal recommendation is to follow a mixed approach. Absolute reliance on either of the methods can have a fair share of disadvantages. For example, manual penetration testing is time-consuming, and your team will not be utilizing the benefits of automated … Continued
Organizations conduct vulnerability assessments for their networks to identify the existing vulnerabilities, weaknesses, and loopholes. The results of such an assessment can help a network administrator in understanding the security posture of their network and implement defensive measures against potential threats and vulnerabilities. So often, vulnerability assessments involve a network vulnerability scanner tool which can … Continued
Considering the market dynamics and increasing competition in various industry segments, organizations seek to minimize their applications’ time-to-market. Companies adopt DevOps principles for improving the delivery speed and enhancing the agility in their workflows. While DevOps is not a new concept, it focusses on collaboration between development and operations within an organization. Due to this … Continued
Amazon Web Services (AWS) is a leading cloud service provider. If you are a software-as-a-service (SaaS) provider, you may have availed one or more services from AWS. If you are working in the healthcare industry or your clients have covered entities that process, maintain, and store protected health information (PHI), HIPAA compliance becomes a necessity … Continued
GDPR completed its second anniversary in May this year. In one of our earlier articles, we discussed how NYDFS Cybersecurity Requirements for Financial Services Companies is a rare regulation that explicitly states penetration testing and vulnerability assessments. Unlike NYDFS, GDPR does not explicitly cover either of these, which leads to a lack of clarity. In … Continued
The much-discussed California Consumer Privacy Act (or CCPA) finally came into force at the start of this year, on January 01, 2020. As the name itself suggests, CCPA is a California State Law passed by the State Legislature of California. This law aims to expand the ambit of the privacy rights of the customers for … Continued
In June 2015, NIST published a special publication 800-171 focusing on the protection of controlled unclassified information (CUI). This publication has been developed by NIST to further its statutory obligations under the Federal Information Security Modernization Act (FISMA) of 2014. Over the last five years, there have been a couple of revisions, and the latest … Continued
Penetration testing has become a necessity for modern-day enterprises. An organization has to remain proactive in finding & fixing vulnerabilities in its systems before the attackers do. In addition to this, more and more laws and regulations now require organizations to implement reasonable security practices to maintain confidentiality, integrity, and availability of their data. While … Continued
This is an undeniable fact that the threat landscape has been evolving at an unprecedented rate. Modern-day businesses cannot ignore the security of their technical infrastructure under the belief that the attackers will not target them. The attackers always remain on the lookout for identifying vulnerabilities and exploiting them for a variety of reasons. Since … Continued