Demystifying Cybersecurity Testing: DAST, SAST, VAPT, SSAT and SSCT Explained

If you are a Singapore government vendor, such as a provider of CCTV systems or Building Management Systems (BMS), you will likely encounter cybersecurity terms like DAST, SAST, VAPT, SSAT and SSCT frequently in project requirements. These tests are critical to ensuring the security and compliance of systems, particularly for on-premise or air-gapped deployments. Their differences…

How to Justify Compliance Waivers to Government Stakeholders

When working on government projects, security compliance is not a box-ticking exercise—it’s a contractual requirement with real impact on deployment timelines, payment milestones and long-term credibility. But what happens when a project component doesn’t fully meet the SSCT or Cybersecurity requirements? Are you out of options? Not necessarily. The Role of Waivers in SSCT or…

Why Most Vendors Struggle with SG Gov Cybersecurity Compliance

For many vendors supporting government projects—particularly those supplying Field Devices, CCTV systems or Building Automation / Management Systems (BMS)—the Security Compliance Testing (SSCT) requirements often come as an unexpected hurdle. It’s not uncommon: your solution is technically ready, the integration is working, and the project is on track… until the email comes in: “Please submit your…

A Comprehensive Guide to Singapore Cybersecurity Compliance

Singapore’s digital infrastructure is governed by a robust set of cybersecurity frameworks. For companies working with government agencies or financial institutions, compliance is no longer optional—it’s a critical success factor. This guide explains three of the most important frameworks: IM8 – The baseline for all public sector IT systems; SSCT – The mandatory pre-launch cybersecurity…

Penetration Testing: Black, Grey, and White Box Approaches

Penetration testing (pentesting) is a critical process for identifying vulnerabilities in applications and systems by simulating real-world attacks. The three primary approaches—black box, grey box, and white box—differ in the level of knowledge and access provided to the tester. Each approach has specific use cases, effort levels, and applicability depending on the application type, such…

Cracking the Shell: Circumventing In-App Protections in Mobile App Penetration Testing

Modern mobile applications come with layers of in-app security controls designed to prevent tampering, reverse engineering, and data theft. These mechanisms—while essential for protecting users in production—can pose a challenge for security testers aiming to uncover deeper, real-world vulnerabilities. In this blog, we’ll explore common in-app protections such as root/jailbreak detection, runtime tampering detection, SSL…

Fresh Eyes, Shifting Threats: Why Rotating Pentest Vendors Makes Sense

In the ever-evolving landscape of cyber threats, relying on a single penetration testing vendor for all your application security needs can be a risky proposition. Just as real-world attackers aren’t a monolithic entity – there’s no rulebook dictating which specific group will target your application – your defenses benefit immensely from diverse perspectives. Different attacker…