PCI DSS 4.0 and Penetration Testing – What You Need to Know

On March 31, 2022, the Payment Card Industry Security Standards Council (PCI SSC) released the fourth and latest version of the PCI DSS. For those not already familiar with the PCI DSS standard, it was developed to encourage and enforce the security of cardholder data and broaden the adoption of data security measures at a … Continued

What is API Penetration Testing?

Application Programming Interfaces (APIs) play a critical role in the age of digital transformation, catalyzing software and app development for DevOps teams at an unparalleled level of acceleration. APIs save developers time, improve system scalability and flexibility, lower development costs, and increase go-to-market speed. Although APIs can be the greatest thing since sliced bread when … Continued

Pentest Vendor Retention or Rotation – What is the Right Approach?

With recent research showing the average cost of a data breach in 2021 reached a whopping $4.35 million, there is little debate on why organizations need to establish cybersecurity best practices. For US-based companies, the average cost of a security breach comes in at an astounding $9.44 million – the highest of any country. These … Continued

The Basics of Penetration Testing

Cybersecurity is a critical investment for companies today. As the adage goes, threat actors only have to be right once – and cybersecurity teams have to be right every time. With zero-day exploits, ransomware-as-a-service, and advanced persistent threats, there are more ways than ever to breach networks, and security operations teams are slammed. Security analysts … Continued

Why Network Penetration Testing Is Critical for Security

Penetration testing exercises have become a must-have for an organization’s security initiatives. Penetration Testing (or pentesting) exercises aim to discover vulnerabilities in an organization’s IT assets. The scope of a pentest can include a mobile app, web app, network, API endpoints, etc. Regularly scheduled penetration tests can help organizations understand their current security posture and … Continued

Manual Pentesting Versus Automated Pentesting Explained

Penetration tests help organizations effectively assess their security posture against evolving security threats. There are two types of pentesting approaches: manual pen testing and automated pen testing. Each approach has different attributes that can help or hinder the desired outcome of a Penetration Test for organizations, which could impact their ability to reach their security … Continued

ISO 27002:2022 Control 5.23: Information Security for use of Cloud Services

ISO 27002 is used as a guidance document to determine and implement controls for ISO’s information security management system (ISMS) based on ISO 27001 standards. The latest version of ISO 27002, i.e., ISO 27002:2022, introduces substantial changes to the ISMS framework. Our compliance experts believe this will impact organizations’ certification and re-certification process. Released on … Continued

Uber’s Recent Breach

A Hacker’s Perspective

When it comes to any major security breach, it is important to take a moment to understand the ins and outs of how it was executed to prevent your organization from experiencing a similar incident in the future. It’s easy to have a “that could never happen to me” mindset, but the truth is, … Continued

Top Vulnerability Scanners for Cybersecurity Professionals

A vulnerability scanner is a crucial tool in any security team’s toolkit. Security professionals use these tools to search for and identify known vulnerabilities in digital systems. While using a vulnerability scanner is a straightforward and indisputable practice, the benefits are multifold. Vulnerability scanners utilize a database of known vulnerabilities to identify potential weaknesses that … Continued

What is the difference between Vulnerability Scans and Pen Tests?

We have often seen in our client interactions that business owners confuse vulnerability scans with pen tests. A surprising number of inquiries have come through from companies for vulnerability scans when they’re actually looking for a pen test. Regardless, vulnerability scans and pen tests have become crucial and fundamental to an organization’s security practices. Regulations … Continued