A Web Application Firewall (WAF) has become a security imperative, and the absence of a WAF is routinely raised as a risk or an audit finding. However, many auditors and risk assessors miss some or all of the six important areas below when they evaluate a WAF. So, here they are.
As a pentester, auditor, or risk assessor, it is important to understand the difference
To all those system and network administrators out there who are thinking of jumping onto the infosec bandwagon, pentesting style, because of the glamour quotient, remember - defense is better than offense. Read on...
Are you a top-down or a bottom-up person? The answer to this question matters if you are thinking about a switch into cybersecurity, or about moving laterally within cybersecurity. Read on.
I am an information security professional. I have some scary certifications that make people think highly of me till I open my mouth. Well... This personal site / blog is my attempt to write about information security the way I want.
CAPTCHA is a valid security control. However, the lack of it is not a valid vulnerability in all cases, and 'lack of CAPTCHA' is definitely not a risk in itself; at most it is one contributing factor in a risk.
Cybersecurity is one of the buzzwords promising la-la land these days, and everyone is running towards it. However, it helps to be aware of the two big risks.
My two cents on a day in a pentester's life, from the vantage point of someone who does it (sometimes) but observes it (a lot). TLDR - it is not all pentesting!
How to get more value out of a pentest.
This is a live post; it will undergo changes, which are captured in the change log at the end of this post.
assuming you have a valid account with Tenable and have paid for your license.
I got many comments (thank you, everyone, as I learnt a lot) on the article that I published some time back.