While providing consultancy on cyber security, I am often asked a question by a bank’s senior IT management — why should our application VAPT be different from any other application VAPT? Isn’t it just a web app after all? I really …
I guess most of us know why vulnerability assessment and penetration testing need to be performed for web apps or mobile apps. Lately I have been asked by IT product development companies to put together the most critical drivers …
While there are many companies going for or considering GDPR implementation after 25th May 2018, there are a bunch of those who are still contemplating what to do about it. GDPR is not as easy to implement as ISO …
“Top Threats to Cloud Computing” provides needed background to help organizations in making refined risk management decisions regarding their cloud adoption strategies. #Threat1 - Misuse of cloud computing: PaaS providers have usually suffered most from this type of attack. Recent evidence …
Did you know that a mobile application, on average, has 9 vulnerabilities? Multiply that by the average number of installed applications (26.2) and you end up with an average of 235.8 vulnerabilities. In simple words, there are 235.8 ways …
We all know that there are 3 distinct pillars of software testing – functional testing, security testing and performance testing. There are multiple tools out there to make a tester’s life easy. While these automations are important, there are few …
To the question in the title, if I were a hacker I would ask myself, “why not?” It’s simple, really. Hackers always go for the data which either they can use for themselves or they can sell and earn money. PHI …
2017 was clearly a year of ransomware. We saw Locky, Petya, GoldenEye, WannaCry and their variants. The cases were pretty straightforward – Machines get infected with ransomware. If it is a desktop, usually nobody cares and formats the drive. …
The year 2018 was full of cyber-attacks, and the most serious news was about well-orchestrated cyber-attacks on the banking industry. No matter how much awareness is generated, unfortunately the banking industry seems to be waking up only upon hearing about an attack …
While choosing an ISO27001 consultant or implementation partner, companies usually do not know the basis on which they should select the right vendor. Due to a lack of adequate awareness, and hence as a common practice, organisations choose to select ISO27001 Consultant …