Defcon is the time when I have no business meetings and am quite disconnected with the world. A good time to immerse myself in my own thoughts. Last week during Defcon @ Las Vegas, I was thinking on how difficult it is build a secure system. We get amazed by hacking various stuff but is lot more amazing to think how tough it is to build a secure system.

"Halting problem" makes it practically impossible to build a secure…

(Source: Defcon 22-Las Vegas)

(Source: Defcon 22-Las Vegas)

The last fortnight has been like real busy @CISO Platform Annual Summit, 2013. But taking into consideration the brainstorming sessions,the brimming CISOs, the altogether wonderful experience, it all seems worth it! Nevertheless, there are always great talks on which we like to catch on any time again!

( Read more: …

A common question is why should we get a third party penetration testing company? Why not choose a team from your current technical group to handle the network security test? For one, security audits like traditional financial audits are better done by outside companies with no bias and partiality to anyone or anything within your organization. Another reason to hire a security testing company is that one may find it difficult to hire and retain Penetration…

What is SAST?

SAST or Static Application Security Testing is the process of testing the source code, binary or byte code of an application. In SAST you do not need a running system.

What is DAST?

DAST or Dynamic Application Security Testing is the process of testing an application during its running state.  In…

Safe Penetration Testing – 3 Myths and the Facts behind them

Penetration testing vendors will often make promises and assurances that they can test your Web Applications safely and comprehensively in your production environment. So when performing Penetration Testing of a Web Application that is hosted in a Production Environment you need to consider the following myths and facts which can directly or indirectly end up causing you…

The Internet has plenty of crackers, known as  "black hats", who work to exploit computer systems.You also have white hats. When hackers are hired by companies to do penetration testing, it's legal and known as white hats. In this section we profile five of the most famous  and all time favourite "black hat"…

MIT got hacked.Anonymous defaced the MIT to protest against the case of “Aaron Swartz”.

Without getting into who really hacked or the “cause” behind the protest, I just wanted to dissect it as an interesting case of multi-stage attack which proves that just securing your application is not good enough.…

White Hat Hackers

White Hat Hackers

Hackers that use their skills for good are classified as white hat. These white hats often work as certified Ethical Hackers, hired by companies to test the integrity of their systems. Others, operate without company permission by bending but not breaking…