FedRAMP penetration testing requirements

The Federal Risk and Authorization Management Program (FedRAMP) is a federal program that aims to provide a standard approach for security assessments and continuous monitoring of cloud-based services and products. The Office of Management and Budget (OMB) laid the foundation for this program in line with the Cloud First Policy of the US federal government in …

Automated penetration testing tools

Our clients often ask whether they should go for automated or manual penetration testing. The ideal recommendation is to follow a mixed approach. Absolute reliance on either of the methods can have a fair share of disadvantages. For example, manual penetration testing is time-consuming, and your team will not be utilizing the benefits of automated …

HIPAA Security Rule for dummies

HIPAA (Health Insurance Portability and Accountability Act) is a 1996 federal law that seeks to protect the medical information of patients. To achieve this, it lays down certain compliance requirements for covered entities. In the context of HIPAA, covered entities are organizations to which HIPAA applies. Under Title II of this act, the US …

VPN penetration testing explained

A Virtual Private Network, or VPN, is a gateway to your organizational network. While companies have long preferred using a VPN for remote access, its importance has only increased with the COVID-19 pandemic. We recommended using VPNs as one of the good security practices to follow while working remotely. From an attacker’s perspective, finding a VPN …

DevOps best practices for vulnerability scanning

Considering the market dynamics and increasing competition in various industry segments, organizations seek to minimize their applications’ time-to-market. Companies adopt DevOps principles to improve delivery speed and enhance the agility of their workflows. DevOps is not a new concept; it focuses on collaboration between development and operations within an organization. Due to this …

Annual penetration testing v. continuous monitoring

Penetration tests have become an essential part of an organization’s security strategy to find and fix vulnerabilities before attackers exploit them. The frequency of penetration tests depends on a variety of factors such as regulatory requirements, risk assessment results, and available financial resources. Our clients often ask our experts about the right frequency for penetration …

Penetration testing requirements for NIST SP 800-53

Year after year, security threats continue to grow more complicated and sophisticated. An enterprise cannot wait for attackers to exploit vulnerabilities in its systems. It needs to adopt proactive security measures to remain a step ahead of the attackers. Penetration testing is one such exercise that seeks to test the efficiency of enterprise systems. It aims …

Who needs PCI ASV scans and why?

The Payment Card Industry Data Security Standard (PCI DSS) is a set of operational and technical requirements prescribed by the PCI Security Standards Council (PCI SSC). This standard applies to all entities that store, process, or transmit cardholder data. PCI SSC looks after maintaining the PCI DSS standard and its enforcement. Over the years, PCI DSS has achieved the …

HIPAA Compliance for AWS-hosted SaaS

Amazon Web Services (AWS) is a leading cloud service provider. If you are a software-as-a-service (SaaS) provider, you may have availed yourself of one or more services from AWS. If you are working in the healthcare industry or your clients are covered entities that process, maintain, and store protected health information (PHI), HIPAA compliance becomes a necessity …

PCI DSS compliance for your Azure hosted SaaS

Cloud computing has brought about a paradigm shift and transformed how organizations across the globe offer their services. Instead of setting up physical infrastructure, most organizations prefer moving to a cloud environment for on-demand access to resources. Cost-effectiveness and minimal management requirements further push SaaS providers to rely on cloud infrastructure rather than physical …