HIPAA Security Rule for dummies

HIPAA (Health Insurance Portability and Accountability Act) is a 1996 federal law that seeks to protect the medical information of patients. To achieve this, it lays down certain compliance requirements for covered entities. In the context of HIPAA, covered entities are the organizations to which HIPAA applies. Under Title II of this act, the US … Continued

Firewall penetration testing explained

Firewalls form the first line of defense in your organization’s IT infrastructure. As a result, attackers are most likely to scan for and exploit existing vulnerabilities. A firewall can be either software or hardware. It continuously inspects your organization’s incoming and outgoing traffic. Generally, firewalls have predetermined rules and policies to either grant or deny … Continued

How to choose a PCI DSS penetration testing partner?

Cyber attacks are getting increasingly sophisticated and complex. An organization cannot sit back and wait for a security incident to occur before taking any action. Modern-day organizations need to adopt proactive as well as reactive measures to minimize cybersecurity risks comprehensively. Penetration testing is one such proactive measure that helps an organization in identifying vulnerabilities … Continued

Top 5 open-source tools for network vulnerability scanning

Organizations conduct vulnerability assessments for their networks to identify the existing vulnerabilities, weaknesses, and loopholes. The results of such an assessment can help a network administrator understand the security posture of their network and implement defensive measures against potential threats and vulnerabilities. Often, vulnerability assessments involve a network vulnerability scanner tool which can … Continued

DevOps best practices for vulnerability scanning

Considering the market dynamics and increasing competition in various industry segments, organizations seek to minimize their applications’ time-to-market. Companies adopt DevOps principles for improving the delivery speed and enhancing the agility in their workflows. While DevOps is not a new concept, it focusses on collaboration between development and operations within an organization. Due to this … Continued

Cybersecurity checklist for SaaS applications

In the last few years, we have seen that SaaS businesses have grown at a sky-high pace. Due to quick setup, scalability, easy upgrade, and low physical infrastructure requirements, SaaS products are becoming the first choice of businesses across the globe, irrespective of their size. BreachLock’s offerings include a SaaS platform, and if you are … Continued

Security awareness basics for your DevOps

Organizational security cannot be considered the responsibility of a single team. Considering the evolving nature of sophisticated threats in cyberspace, an organization is prone to cyber attacks as a whole. In such a scenario, it becomes vital for all employees to understand that cybersecurity is a shared responsibility. However, depending upon the type of … Continued

Security Awareness and phishing security testing

Phishing attacks account for around 90% of data breaches. In the last year, phishing attacks have increased by 65%. As many as 76% of businesses have accepted that at least one of their employees fell victim to a phishing attack. Further, a Verizon report found that 30% of phishing emails are opened by targeted users. … Continued

Agile Methodology In Security Testing

Development teams work extensively on ensuring that the application being developed has the minimum possible time to market (TTM). At the same time, security considerations can no longer be ignored. This leads to a conflict between the goals of agile development methodologies and secure development. The best possible way out of this … Continued