Firewall penetration testing explained

Firewalls form the first line of defense in your organization’s IT infrastructure. As a result, the attackers are most likely to scan and exploit existing vulnerabilities. A firewall can be either software or hardware. It continuously inspects your organization’s incoming and outgoing traffic. Generally, firewalls have predetermined rules and policies to either grant or deny … Continued

DevOps best practices for vulnerability scanning

Considering the market dynamics and increasing competition in various industry segments, organizations seek to minimize their applications’ time-to-market. Companies adopt DevOps principles for improving the delivery speed and enhancing the agility in their workflows. While DevOps is not a new concept, it focusses on collaboration between development and operations within an organization. Due to this … Continued

Automated Penetration Testing: A myth or reality?

Automation is a buzzword in many industries these days. If you have been following the cybersecurity industry lately, automated penetration tests, security automation, AppSec automation, etc. are some of the terms that have seen massive popularity in the last 1-2 years. In this article, we explore whether automated penetration testing is a myth or reality.  DAST … Continued

What is NIST Penetration Testing?

Introduction NIST (National Institute for Science & Technology) is a US Department of Commerce agency. Under the Federal Information Security Management Act of 2002 (FISMA), it is responsible for developing standards and guidelines for information security, including the prescription of minimum requirements for US federal information systems. Generally, the guidance documents published by NIST are more … Continued

Application Security SaaS – Pros and Cons 

The number of vulnerabilities that have been discovered in recent years has been increasing exponentially. Attackers are now getting more sophisticated than ever, and they are heavily focussing on the information having tangible value. Organizations have been investing in terms of security and money, and this investment is bound to increase significantly in the years to come.  … Continued

Vulnerability Assessment and Penetration Testing in AWS for SOC 2 Compliance

Many organizations have now started considering security as an essential factor while choosing a vendor. This shift has led to a surge in service providers opting for SOC 2 compliance to demonstrate that they have implemented an adequate level of security controls, and an authorized third party has audited these controls.  SOC, or the System Organization Control, prescribes five trust service principles (TSPs) … Continued

Penetration Testing as a Service (PTaaS) – Why?

Modern-day businesses remain under a constant threat from a wide range of vulnerabilities. And the pace at which the vulnerabilities are being discovered in applications and software, a business must not keep calm and let the time take its course. In the last decade or so, penetration testing has evolved into a go-to method for businesses … Continued

BreachLock Guide on NYDFS Cybersecurity Regulation

The level of threat posed to IT systems by attackers with malicious intent (or independent criminal actors), nation–states, and terrorist organizations is exponentially increasing. With the ever-growing attack surface area, cybercriminals are actively looking for vulnerabilities in the technical systems. These vulnerabilities are then exploited to gain access to sensitive electronic data. Based upon this line … Continued

PCI Penetration Testing

The first version of the PCI DSS standard was released in 2004 for laying down the minimum security requirements when it comes to handling and managing customers’ card information. Over the years, different versions have been introduced, and at present, version 3.2.1 is the latest version released in May 2018. In this article, we will discuss the role of penetration testing … Continued