Automated Retest for External Infrastructure

The BreachLock SaaS platform allows you to request an automated retest for the vulnerabilities discovered through External Network scanning. This feature helps you instantly validate the patches you have applied for the discovered vulnerabilities. You can use the retest functionality by navigating to the “Vulnerability” section under the External Network Scanning module. (https://app.breachlock.com//infrastructure/finding/) … Continued

Automated Penetration Testing: A myth or reality?

Automation is a buzzword in many industries these days. If you have been following the cybersecurity industry lately, automated penetration tests, security automation, AppSec automation, etc. are some of the terms that have seen massive popularity in the last 1-2 years. In this article, we explore whether automated penetration testing is a myth or reality. DAST … Continued

Importance of Black Box Penetration Testing in Application Security

Organizations invest in many security-related exercises to ensure that their technical infrastructure is secure and protected. One such exercise is black box testing, wherein the testers investigate a system just as an attacker would, with minimal or no knowledge about the internal architecture or configuration of the system. The testers use many tools for detecting possible … Continued

Web Application Security Testing Basics

If you pick up any periodical report on cyber attacks published by an organization or consortium, you will find that web applications are at the center stage of data breaches. With more businesses either setting up their online presence or increasing it, the attack surface area for the perpetrators to exploit is increasing exponentially. On the other hand, it … Continued

Types of Application Security Testing

As we are getting more reliant on various applications to make our life easier or make business processes efficient, the threats have certainly increased to the extent that not considering security during the development of an application may cause irreparable damage. To minimize the chances of an application being attacked as well as subsequent damages – reputational as well as financial, … Continued

The dilemma of choosing a web application security scanner: DAST, SAST, IAST, RASP, and what not.

When an application is being developed, one of the most difficult questions to be answered is how it should be tested. Instead of going for endless discussions, the decision-makers should start with answering whether they want to automate vulnerability scanning for their application. Automation saves a great deal of time and money, while at the same time, the internal … Continued

3 Open Source Tools for DAST

DAST or Dynamic Application Security Testing is a method of black-box penetration testing. To understand why DAST is preferred over SAST, let’s take an example. Let’s assume you bought a new car, and you are ready for a test drive. You start the engine, it works, but when you try to stop the vehicle, the brake doesn’t work. You … Continued