HIPAA Security Rule for dummies

HIPAA (Health Insurance Portability and Accountability Act) is a 1996 federal law that seeks to protect the medical information of patients. To achieve this, it lays down certain compliance requirements for covered entities. In the context of HIPAA, covered entities are the organizations to which HIPAA applies. Under Title II of this act, the US … Continued

Firewall penetration testing explained

Firewalls form the first line of defense in your organization’s IT infrastructure. As a result, attackers are most likely to scan them first and exploit any existing vulnerabilities. A firewall can be either software or hardware. It continuously inspects your organization’s incoming and outgoing traffic. Generally, firewalls have predetermined rules and policies to either grant or deny … Continued

Automated Retest for External Infrastructure

The BreachLock SaaS platform allows you to apply for an automated retest of the vulnerabilities discovered through External Network scanning. This feature lets you instantly validate the patches you have applied for the discovered vulnerabilities. You can use the retest functionality by navigating to the “Vulnerability” section under the External Network Scanning module. (https://app.breachlock.com//infrastructure/finding/) … Continued

Penetration Testing and Vulnerability Scanning Controls for ISO 27001

Penetration testing has become a necessity for modern-day enterprises. An organization has to remain proactive in finding and fixing vulnerabilities in its systems before the attackers do. In addition to this, more and more laws and regulations now require organizations to implement reasonable security practices to maintain the confidentiality, integrity, and availability of their data. While … Continued

Automated Penetration Testing: A myth or reality?

Automation is a buzzword in many industries these days. If you have been following the cybersecurity industry lately, automated penetration tests, security automation, AppSec automation, etc. are some of the terms that have seen massive popularity in the last 1-2 years. In this article, we explore whether automated penetration testing is a myth or a reality. DAST … Continued

Cyber Essentials Certification – All you need to know

Cyber Essentials certification has been prescribed by the National Cyber Security Centre (NCSC), a UK government organization that advises and provides support for the public as well as the private sector in maintaining a reasonable level of cybersecurity. As per the Cyber Essentials website, it helps protect organizations, irrespective of size, against a whole range of the … Continued

Web Application Security – Top 5 Challenges

For security teams, the number of controls they can implement to secure a web application in production is limited, while for attackers there is no limit on the number of attack vectors they can exploit. Slowly, businesses are acknowledging the fact that antivirus software and spam filtering are not sufficient to protect their technical infrastructure from cyber attackers. To … Continued

Agile security testing for applications – the way forward?

Businesses are increasingly moving towards adopting DevOps in their development process so that time-to-market (TTM) is reduced. With the second decade of this millennium coming to an end, the development lifecycle for any software development project cannot consist of static stages with teams working in silos and communicating minimally with each other. While at the same … Continued

Application Security SaaS – Pros and Cons

The number of vulnerabilities discovered in recent years has been increasing exponentially. Attackers are now more sophisticated than ever, and they are heavily focusing on information of tangible value. Organizations have been investing time and money in security, and this investment is bound to increase significantly in the years to come. … Continued