Penetration Testing and Vulnerability Scanning Controls for ISO 27001

Penetration testing has become a necessity for modern enterprises. An organization has to remain proactive in finding and fixing vulnerabilities in its systems before attackers do. In addition, more and more laws and regulations now require organizations to implement reasonable security practices to maintain the confidentiality, integrity, and availability of their data. While …

Does the CCPA require penetration testing?

Businesses in California have started their preparations for January 01, 2020 – the day on which the CCPA comes into force. In the last month and a half, we have been receiving a large number of queries regarding the meaning of the phrases “reasonable security practices” and “penetration testing requirements for CCPA.” In this article, we discuss the extent of …

Cyber Essentials Certification – All you need to know

Cyber Essentials certification has been prescribed by the National Cyber Security Centre (NCSC), a UK government organization that advises and supports both the public and private sectors in maintaining a reasonable level of cybersecurity. As per the Cyber Essentials website, it helps protect organizations, irrespective of their size, against a whole range of the …

Web Application Penetration Testing Checklist

Most web applications are the public-facing websites of businesses, and they are a lucrative target for attackers. Hence, it is imperative for companies to ensure that their web applications are adequately protected and not prone to cyber-attacks. Our penetration testing experts have compiled a checklist to be used while performing a penetration test for …

Web Application Security Common Misconceptions

Businesses, irrespective of their industry, are now deploying web applications to deliver their products and services efficiently. When a web application is being deployed, the development team tries to ensure that it reaches the market in the shortest time possible. Moving to agile development is already not smooth sailing, and on top of that, …

Agile Methodology In Security Testing

Development teams work extensively on ensuring that the application being developed has the shortest possible time to market (TTM), while at the same time security considerations are no longer something that can be ignored. This leads to a conflict between the goals of agile development methodologies and secure development. The best possible way out of this …

Importance of Black Box Penetration Testing in Application Security

Organizations invest in many security-related exercises to ensure that their technical infrastructure is secure and protected. One such exercise is black box testing, wherein the testers investigate a system just as an attacker would, with minimal or no knowledge of the internal architecture or configuration of the system. The testers use many tools for detecting possible …

Cloud-based application security testing – Challenges

In the last article, we discussed the objectives and key facts of cloud-based application security testing. Apart from the general information security challenges that cloud services face on a daily basis, we will be discussing various challenges which act as major obstacles to the mass adoption of cloud-based security testing.

Figure 1: Challenges

Challenge 1: Distributed Computing Risks

Cloud is often interpreted …

Application Security Testing Best Practices – Part II

In our last post, we talked about some basic best practices that must be followed while performing security testing activities for an application. In this article, we will focus on application security testing best practices while working in a DevOps environment. We have often seen that the internal security team and the DevOps team work in different …

DAST v. SAST: Which one is better?

Earlier, security and privacy concerns were often treated as after-development activities, or they were ignored altogether. The ever-evolving threat landscape has definitely changed the position taken by organizations, and now they are indeed concerned about the security issues associated with the application or software being developed. In other words, organizations are now …