PCI DSS ASV scanning explained for dummies

Organizations across the globe are increasingly adopting PCI DSS to demonstrate that they securely store payment card data. The Payment Card Industry Data Security Standard (PCI DSS) is a set of technical and operational requirements laid down by the PCI SSC (PCI Security Standards Council). Over the years, PCI DSS has become a reasonably expected compliance … Continued

Firewall penetration testing explained

Firewalls form the first line of defense in your organization’s IT infrastructure. As a result, attackers are most likely to scan them and exploit existing vulnerabilities. A firewall can be either software or hardware. It continuously inspects your organization’s incoming and outgoing traffic. Generally, firewalls have predetermined rules and policies to either grant or deny … Continued

Agile security testing for applications – the way forward?

Businesses are increasingly adopting DevOps in their development process to reduce time-to-market (TTM). With the second decade of this millennium coming to an end, the development lifecycle for any software project cannot consist of static stages, with teams working in silos and communicating minimally with each other. While at the same … Continued

Phishing as a Service

Over the years, phishing attacks have become fairly sophisticated, and to counter them, many technology-based solutions have been developed to prevent such attacks. However, the only practical solution is to educate employees so that they do not end up clicking malicious links, filling in online forms, or unintentionally sharing confidential information about your business. Technological solutions such as … Continued

Types of Application Security Testing

As we become more reliant on various applications to make our lives easier or our business processes more efficient, threats have increased to the extent that not considering security during the development of an application may cause irreparable damage. To minimize the chances of an application being attacked, as well as the subsequent damage – reputational as well as financial, … Continued

Application Security Testing Best Practices – Part I

With cyber attacks increasing exponentially, security testing has become a necessity for organizations across the globe. Even if an organization has developed an application by properly following secure coding principles, the application still requires significant and rigorous testing before it is finally deployed. After deployment, security testing activities have to be performed regularly to ensure that just in case … Continued

DAST: Things You Should Know

The relationship between security testing and applications is a never-ending story. Even after an application is deployed, security testing activities are continuously carried out. Since absolute security is a myth, one can always strive to achieve the maximum level of security possible. Dynamic Application Security Testing, or DAST, helps a business by addressing the areas which … Continued