Automated penetration testing tools

Our clients often ask whether they should go for automated or manual penetration testing. The ideal recommendation is to follow a mixed approach. Relying entirely on either method has its share of disadvantages. For example, manual penetration testing is time-consuming, and your team will not be utilizing the benefits of automated …

HIPAA Security Rule for dummies

HIPAA (Health Insurance Portability and Accountability Act) is a 1996 federal law that seeks to protect the medical information of patients. To achieve this, it lays down certain compliance requirements for covered entities. In the context of HIPAA, covered entities are organizations to which HIPAA applies. Under Title II of this act, the US …

Firewall penetration testing explained

Firewalls form the first line of defense in your organization’s IT infrastructure. As a result, attackers are likely to scan them for exploitable vulnerabilities. A firewall can be either software or hardware. It continuously inspects your organization’s incoming and outgoing traffic. Generally, firewalls have predetermined rules and policies to either grant or deny …

VPN penetration testing explained

A Virtual Private Network, or VPN, is a gateway to your organizational network. While companies have long preferred VPNs for remote access, their importance has only increased with the COVID-19 pandemic. We recommended using VPNs as one of the good security practices to follow while working remotely. From an attacker’s perspective, finding a VPN …

Cyber Essentials Certification – All you need to know

Cyber Essentials certification has been prescribed by the National Cyber Security Centre (NCSC), a UK government organization that advises and supports both the public and private sectors in maintaining a reasonable level of cybersecurity. As per the Cyber Essentials website, it helps protect organizations, irrespective of their size, against a whole range of the …

Web Application Security Testing Basics

If you pick up any periodical report on cyber attacks published by an organization or consortium, you will find that web applications are at the center stage of data breaches. With more businesses either setting up their online presence or expanding it, the attack surface available to attackers is growing exponentially. On the other hand, it …

Application Security Testing Best Practices – Part II

In our last post, we talked about some basic best practices that must be followed while performing security testing activities for an application. In this article, we will focus on application security testing best practices while working in a DevOps environment. We have often seen that the internal security team and the DevOps team work in different …

Application Security Testing Best Practices – Part I

With cyber attacks increasing exponentially, security testing has become a necessity for organizations across the globe. Even if an organization has developed an application by properly following secure coding principles, the application still requires significant and rigorous testing before it is finally deployed. After deployment, security testing activities have to be performed regularly to ensure that, just in case …

How to use NodeJsScan for SAST – Step-by-step Guide

NodeJsScan is a static code scanner that is used to find security flaws specifically in Node.js applications. In this post, we will look at how you can use NodeJsScan for SAST.

Configuration & Usage

Install Postgres and configure SQLALCHEMY_DATABASE_URI in core/setting.py.

Download the NodeJsScan package from the GitHub repository https://github.com/ajinabraham/NodeJsScan.

Figure 1: Cloning the repository

Navigate to the NodeJsScan directory and install all …