Automated penetration testing tools

Our clients often ask whether they should go for automated or manual penetration testing. The ideal recommendation is to follow a mixed approach. Absolute reliance on either of the methods can have a fair share of disadvantages. For example, manual penetration testing is time-consuming, and your team will not be utilizing the benefits of automated … Continued

Top 5 open-source tools for network vulnerability scanning

Organizations conduct vulnerability assessments for their networks to identify the existing vulnerabilities, weaknesses, and loopholes. The results of such an assessment can help a network administrator understand the security posture of their network and implement defensive measures against potential threats and vulnerabilities. Often, vulnerability assessments involve a network vulnerability scanner tool which can … Continued

DevOps best practices for vulnerability scanning

Considering the market dynamics and increasing competition in various industry segments, organizations seek to minimize their applications’ time-to-market. Companies adopt DevOps principles for improving the delivery speed and enhancing the agility in their workflows. While DevOps is not a new concept, it focusses on collaboration between development and operations within an organization. Due to this … Continued

HIPAA Compliance for AWS-hosted SaaS

Amazon Web Services (AWS) is a leading cloud service provider. If you are a software-as-a-service (SaaS) provider, you may have used one or more services from AWS. If you are working in the healthcare industry or your clients have covered entities that process, maintain, and store protected health information (PHI), HIPAA compliance becomes a necessity … Continued

Penetration testing and vulnerability scanning for GDPR

GDPR marked its second anniversary in May this year. In one of our earlier articles, we discussed how NYDFS Cybersecurity Requirements for Financial Services Companies is a rare regulation that explicitly mentions penetration testing and vulnerability assessments. Unlike NYDFS, GDPR does not explicitly cover either of these, which leads to a lack of clarity. In … Continued

NIST 800-171: Penetration testing and vulnerability scanning

In June 2015, NIST published Special Publication 800-171, focusing on the protection of controlled unclassified information (CUI). NIST developed this publication to further its statutory obligations under the Federal Information Security Modernization Act (FISMA) of 2014. Over the last five years, there have been a couple of revisions, and the latest … Continued

Penetration Testing and Vulnerability Scanning Controls for ISO 27001

Penetration testing has become a necessity for modern-day enterprises. An organization has to remain proactive in finding & fixing vulnerabilities in its systems before the attackers do. In addition to this, more and more laws and regulations now require organizations to implement reasonable security practices to maintain confidentiality, integrity, and availability of their data. While … Continued