HIPAA Security Rule for dummies

HIPAA (Health Insurance Portability and Accountability Act) is a 1996 federal law that seeks to protect the medical information of patients. To achieve this, it lays down certain compliance requirements for covered entities. In the context of HIPAA, covered entities are organizations on which HIPAA is applicable. Under Title II of this act, the US … Continued

How to choose a PCI DSS penetration testing partner?

Cyber attacks are getting increasingly sophisticated and complex. An organization cannot sit back and wait for a security incident to occur before taking any action. Modern-day organizations need to adopt proactive as well as reactive measures to minimize cybersecurity risks comprehensively. Penetration testing is one such proactive measure that helps an organization in identifying vulnerabilities … Continued

Top 5 open-source tools for network vulnerability scanning

Organizations conduct vulnerability assessments for their networks to identify the existing vulnerabilities, weaknesses, and loopholes. The results of such an assessment can help a network administrator in understanding the security posture of their network and implement defensive measures against potential threats and vulnerabilities. So often, vulnerability assessments involve a network vulnerability scanner tool which can … Continued

VPN penetration testing explained

A Virtual Private Network, or VPN, is a gateway to your organizational network. While companies often prefer using a VPN for remote access, its importance has only increased with the COVID-19 pandemic. We recommended using VPNs as one of the good security practices to follow while working remotely. From an attacker’s perspective, finding a VPN … Continued

Penetration Testing and Vulnerability Scanning Controls for ISO 27001

Penetration testing has become a necessity for modern-day enterprises. An organization has to remain proactive in finding & fixing vulnerabilities in its systems before the attackers do. In addition to this, more and more laws and regulations now require organizations to implement reasonable security practices to maintain confidentiality, integrity, and availability of their data. While … Continued

Security Awareness and phishing security testing

Phishing attacks account for around 90% of data breaches. In the last year, phishing attacks have increased by 65%. As many as 76% of businesses have accepted that at least one of their employees fell victim to a phishing attack. Further, a Verizon report found that 30% of phishing emails are opened by targeted users. … Continued

Cloud-based application security testing – Challenges

In the last article, we discussed the objectives and key facts of cloud-based application security testing. Apart from the general information security challenges that cloud services face on a daily basis, we will be discussing various challenges which act as major obstacles in the mass adoption of cloud-based security testing. Figure 1: Challenges. Challenge 1: Distributed Computing Risks. Cloud is often interpreted … Continued

What is cloud-based application security testing?

In the last decade, cloud computing has completely changed how IT services are delivered. Low maintenance costs and ease of setup have been two major factors leading to global adoption of cloud-based services, though security continues to be a hurdle. Cloud security testing has emerged as a new service model wherein security-as-a-service providers perform on-demand application security testing … Continued

Penetration Testing for the Cloud – How it is different?

If you are working in the cyber security industry, you will be familiar with terms like application penetration testing, network penetration testing, etc. However, the growth of the cloud computing industry in the last 4-5 years has introduced a new name to the penetration testing list – cloud penetration testing. In a traditional pen test, … Continued