How to choose a PCI DSS penetration testing partner?

Cyber attacks are getting increasingly sophisticated and complex. An organization cannot sit back and wait for a security incident to occur before taking any action. Modern-day organizations need to adopt proactive as well as reactive measures to minimize cybersecurity risks comprehensively. Penetration testing is one such proactive measure that helps an organization in identifying vulnerabilities … Continued

Automated Retest for DAST

The BreachLock SaaS platform allows you to apply for an automated retest for the vulnerabilities discovered through the DAST scanner. This feature helps you to instantly validate the patches applied by your organization for the discovered vulnerabilities. You can use the retest functionality by navigating to the Vulnerability page in the Web Scanning (DAST) module. … Continued

Automated Penetration Testing: A myth or reality?

Automation is a buzzword in many industries these days. If you have been following the cybersecurity industry lately, automated penetration tests, security automation, AppSec automation, etc. are some of the terms that have seen massive popularity in the last 1-2 years. In this article, we explore whether automated penetration testing is a myth or reality. DAST … Continued

Agile security testing for applications – the way forward?

Businesses are increasingly moving towards adopting DevOps in their development process so that the time-to-market (TTM) is reduced. With the second decade of this millennium coming to an end, the development lifecycle for any software development project cannot consist of static stages with teams working in their silos with minimum communication with each other. While at the same … Continued

Importance of Black Box Penetration Testing in Application Security

Organizations invest in many security-related exercises to ensure that their technical infrastructure is secure and protected. One such exercise is black box testing, wherein the testers investigate a system just as an attacker would, with minimal or no knowledge about the internal architecture or configuration of the system. The testers use many tools for detecting possible … Continued

Web Application Security Testing Basics

If you pick up any periodical report on cyber attacks published by an organization or consortium, you will find that web applications are at the center stage of data breaches. With more businesses either setting up their online presence or increasing it, the attack surface area for the perpetrators to exploit is increasing exponentially. On the other hand, it … Continued

Types of Application Security Testing

As we are getting more reliant on various applications to make our lives easier or make business processes efficient, the threats have certainly increased to the extent that not considering security during the development of an application may cause irreparable damage. To minimize the chances of an application being attacked as well as subsequent damages – reputational as well as financial, … Continued

The dilemma of choosing a web application security scanner: DAST, SAST, IAST, RASP, and what not.

When an application is being developed, one of the most difficult questions to be answered is how it should be tested. Instead of going for endless discussions, the decision-makers should start with answering whether they want to automate vulnerability scanning for their application. Automation saves a great deal of time and money, while at the same time, the internal … Continued