HIPAA Security Rule for dummies

HIPAA (Health Insurance Portability and Accountability Act) is a 1996 federal law that seeks to protect the medical information of patients. To achieve this, it lays down certain compliance requirements for covered entities. In the context of HIPAA, covered entities are organizations on which HIPAA is applicable. Under Title II of this act, the US … Continued

HIPAA Compliance for AWS-hosted SaaS

Amazon Web Services (AWS) is a leading cloud service provider. If you are a software-as-a-service (SaaS) provider, you may have used one or more services from AWS. If you are working in the healthcare industry or your clients have covered entities that process, maintain, and store protected health information (PHI), HIPAA compliance becomes a necessity … Continued

Penetration testing tools for Automated security testing

There is a big debate about whether penetration testing should be automated or manual. While our experts say that it must be a combination of both, automated testing tools can prove very valuable for your security testing toolkit. Automated tools have apparent benefits such as speed and cutting down manual hours of work; their drawbacks … Continued

Benefits of Phishing Simulations

Email is the primary channel for corporate communications. On the one hand, email has seamlessly replaced printed paper and the postal delivery system, which took multiple days to deliver letters across the country; on the other hand, attackers use email as a propagation medium to launch various types of attacks. In this article, we explore the … Continued

Automated Penetration Testing: A myth or reality?

Automation is a buzzword in many industries these days. If you have been following the cybersecurity industry lately, automated penetration tests, security automation, AppSec automation, etc. are some of the terms that have seen massive popularity in the last 1-2 years. In this article, we explore whether automated penetration testing is a myth or reality. DAST … Continued

Penetration Testing for ISO 27001 Control A.12.6.1

Out of all the security standards that have been prescribed by various bodies and organizations so far, ISO 27001:2013 has been the most popular one – without any doubt. Containing ten clauses and 114 controls, this standard has also served as a stepping stone for many organizations to improve their information security policies and procedures. In this … Continued

Penetration Testing and Vulnerability Scanning for PCI DSS

Irrespective of the industry, penetration testing and vulnerability scanning exercises help businesses a great deal when it comes to the security of their technical infrastructure. For businesses processing sensitive data such as credit card data, such practices have more relevance than ever. The foundation for this article was laid by one of our previous articles where … Continued

Benefits of Automated Penetration Testing tools

Automated penetration testing plays an important role in a security analyst’s arsenal. As part of an organization’s overall security strategy, penetration tests quickly evaluate the existing security maturity of its technical infrastructure. However, one cannot solely rely on automated penetration tests, and they must be monitored by the internal security team. Defining automated penetration testing When … Continued