By Naman Rastogi

As common as penetration testing is in the world of cybersecurity and compliance with data protection standards, there are many things one may forget when hiring a penetration testing service provider. Comprehensive website penetration testing in India is usually undertaken to ensure that the system is protected along with its servers, data, and users. The procedure employs authorized hackers to simulate a hacking attempt against the system in various capacities and modes, and on various platforms such as web applications, individual sites, and networks.


There are usually specific objectives attached to such penetration testing procedures, such as gaining privileged access and understanding the security risks and vulnerabilities in the system that could allow illegitimate activities like the theft of sensitive data.


What determines an efficient penetration testing service?

The usual form of penetration testing involves a small number of researchers running tests and probing the network for a fixed fee. The selected third-party service provider assigns individuals with specific talents to different portions of the same task so that each tester works in their area of skill.

  • The entire process is visible to all stakeholders

White-hat security testing procedures, while useful and necessary, face criticism for being too complicated and technical for everyone involved to understand. However, this is a myth; it simply depends on your provider being open and communicative about the steps taken, both the basic ones and those unique to your organization.

Critical vulnerabilities should be identified quickly and conveyed to those involved in the testing process, and the information should be adapted so that everyone can understand it. This line of communication should offer proper transparency and visibility to all stakeholders.



  • Advanced levels of manual testing

Asking your preferred third-party provider for their testing methodology will also help guarantee their accountability and quality. Automated security testing tools, while efficient and comprehensive, still lack the ability of manual testing to reach the nooks and crannies, which comes from human thinking and adaptability.

If you're already aware of the security standard your organization requires, like OWASP, PTES, WASC, etc., you can easily verify whether the provider's testing methodology aligns with it.

The indicators of the firm's requirements and some specific keywords in their marketing strategies, such as 'manual', 'deep-dive', 'customized', etc., also help in identifying the style of testing.

Ask for a simple report format to study what their findings include and their scope of scanning for issues and security risks. You will require some prior knowledge and awareness of the usual standards to understand if they offer basic or advanced services. There are testing firms that also offer a ratio of automated to manual testing, inclusive of other features as well, which provides a good image of the service provider you’re going for.

  • Communication and reachability

An ideal service provider will maintain constant communication with the organization throughout the testing procedure to discuss issues and vulnerabilities discovered during and after the testing process, and will provide platforms for ongoing engagement and for clearing up concerns whenever required.



Ideally, there are systems that offer secure online project management which includes the various phases of the penetration testing procedure, the current phase of the project, and easy forms of direct communication with the different individuals in charge of different parts of the process.

The most important part of the communication strategy should be that you are informed of vulnerabilities immediately on identification, along with the level of criticality, the estimated impact on the business, and other information in real time, for the benefit of future testing and the company's internal IT team.

Such direct points of information will help your team in the future to recognize these vulnerabilities as they occur and take quick steps for resolving them, thus avoiding the potential impact on the business and its customers. If the testing provider allows you to remediate and retest in the initial testing period itself, you can use these details before receiving the final report to explore further.

  • Assistance in remediation and retesting whenever needed

Before signing up for anything, always clarify with the provider which services they offer after the final report is delivered. Not many penetration testing companies provide after-service, which is a necessary step because of the amount of work required to solve issues and deal with their impact.


This is the part of the penetration testing process that requires the real work, taking weeks or months depending on how many issues are found and how complex they are. At least one representative of the penetration testing provider involved in the process should be available to your IT team to assist in this process and help them understand the true impact of the findings.

In this manner, you can use this list to be a starting point in your hunt for an ideal penetration testing service provider. Often, the kind of security experts you hire can make a huge difference in the long run.

(Disclaimer: The article is sponsored and hence promotes some commercial links.)

