Automated penetration testing tools

Our clients often ask whether they should go for automated or manual penetration testing. Our recommendation is to follow a mixed approach, because absolute reliance on either method has its share of disadvantages. For example, manual penetration testing is time-consuming, and your team will not be utilizing the benefits of automated … Continued

HIPAA Security Rule for dummies

HIPAA (Health Insurance Portability and Accountability Act) is a 1996 federal law that seeks to protect the medical information of patients. To achieve this, it lays down certain compliance requirements for covered entities. In the context of HIPAA, covered entities are the organizations to which HIPAA applies. Under Title II of this act, the US … Continued

Firewall penetration testing explained

Firewalls form the first line of defense in your organization’s IT infrastructure. As a result, attackers are most likely to scan for and exploit existing vulnerabilities. A firewall can be either software or hardware. It continuously inspects your organization’s incoming and outgoing traffic. Generally, firewalls have predetermined rules and policies to either grant or deny … Continued

How to choose a PCI DSS penetration testing partner?

Cyber attacks are getting increasingly sophisticated and complex. An organization cannot sit back and wait for a security incident to occur before taking any action. Modern-day organizations need to adopt proactive as well as reactive measures to minimize cybersecurity risks comprehensively. Penetration testing is one such proactive measure that helps an organization identify vulnerabilities … Continued

Automated Retest for External Infrastructure

The BreachLock SaaS platform allows you to apply for an automated retest of the vulnerabilities discovered through External Network scanning. This feature helps you instantly validate the patches you have applied for the discovered vulnerabilities. You can use the retest functionality by navigating to the “Vulnerability” section under the External Network Scanning module. (https://app.breachlock.com//infrastructure/finding/) … Continued

Security Awareness and phishing security testing

Phishing attacks account for around 90% of data breaches. In the last year, phishing attacks have increased by 65%. As many as 76% of businesses have accepted that at least one of their employees fell victim to a phishing attack. Further, a Verizon report found that 30% of phishing emails are opened by targeted users. … Continued

Cyber Essentials Certification – All you need to know

Cyber Essentials certification has been prescribed by the National Cyber Security Centre (NCSC), a UK government organization that advises and supports the public as well as the private sector in maintaining a reasonable level of cybersecurity. As per the Cyber Essentials website, it helps in protecting organizations, irrespective of size, against a whole range of the … Continued

Vulnerability Assessment and Penetration Testing in AWS for SOC 2 Compliance

Many organizations have now started considering security as an essential factor while choosing a vendor. This shift has led to a surge in service providers opting for SOC 2 compliance to demonstrate that they have implemented an adequate level of security controls and that an authorized third party has audited these controls. SOC, or the System Organization Control, prescribes five trust service principles (TSPs) … Continued