The Cyber Express

Traditional Pen Testing is Never Going to Guarantee Foolproof Security

by Ashish Khaitan
September 21, 2022 - Updated on January 20, 2023
in Interviews, Main Story

Ankit Singh is an independent cyber security researcher, ethical hacker, and bug hunter. He currently ranks among the Top 85 Bugcrowd researchers globally and bagged the second position in the global Live Hacking Event with Indeed at Vegas Bug Bash 2022.

Over the years, Singh has been involved in several cybersecurity audits for the Govt. of India as well as finding bugs for big organizations, such as Microsoft, Apple, Yahoo, Twitter, Amazon, Visa, Adobe, Mastercard, IBM, and Western Union among others. Awarded the second position in the Okta Bug Bash 2021, a global live hacking event conducted by Okta & Bugcrowd, Singh was also rewarded 750,000 MileagePlus miles from United Airlines for reporting security bugs within their bug bounty acquisition. In 2021, he won the “Most Interesting Bug” award for Okta Bug Bash.

In an exclusive interview with The Cyber Express, Ankit shares his journey as an ethical hacker, how he succeeded in his career, and what skill sets helped advance him in cybersecurity.

Here is an excerpt from the interview.

TCE: What myth would you like to dispel about ethical hacking or cybersecurity in general? 

Ankit Singh: From my personal experience, the carelessness of organizations for not having a definite cyber security plan or strategy is itself a big problem. Still, there are organizations living in a myth that no one is going to breach through their application or server, and they just don’t bother about it unless a breach actually takes place. 

I remember in my early days of ethical hacking, when I was not aware that something like bug hunting platforms existed, I had found some RCE sort of bugs in the production websites of some organizations. I remember I tried hard to find their contact and called them about the issue, and they just hung up the phone before I could even complete it. 

Maybe they didn’t bother, or maybe they were not too sure about what security breaches are about.

TCE: If you could teach the entire world just one security concept, what would it be?

Ankit Singh: There is no hotfix for social engineering. No matter how secure your applications and servers are, no matter the number of firewalls and IDS/IPS you have in your setup, there is no treatment for the foolish acts that we may do knowingly or unknowingly. There have been many case studies in the past where some critical hacks were accomplished solely on the basis of social engineering. There must be a proper awareness plan and strategy to tackle social engineering attacks too.

TCE: From a cybersecurity standpoint, how far does cybersecurity certification help individuals in their careers? What is your take on cybersecurity certification vs. self-learning?

Ankit Singh: As per my personal experience, today, the emphasis is more upon what one is capable of, about one’s skill set rather than the papers we’re holding. I’ve seen many successful ethical hackers and researchers coming from entirely different backgrounds and streams making an impact in the cybersecurity industry.

As far as the professional career goes, today’s organizations tend to assess more of your industrial skill set rather than relying upon what your documents say. If you’re aspiring to join a research team or a product-based organization, then most of the time, it would be your skill set that would matter.

If you’re opting for a service-based organization, then such organizations would need to outsource resources to their clients, so in such cases, your certifications may help. No doubt that certification may play as an add-on, but ultimately it’s your skill set that largely determines your career aspirations. 

TCE: What security incident or event had the most significant impact on your life? 

Ankit Singh: Prior to the epidemic, I was a regular participant of Null events. But afterward, I started following some of the presentations from the virtual conferences. The research presentations by James Kettle had the most significant impact on my security journey. His intense research in the field of web cache poisoning and HTTP desync attacks is just incredible and personally inspired me a lot.

TCE: What do you wish other people understood about ethical hacking and your work?

Ankit Singh: I wish I could help change the world’s perception towards “Hacking.” I want them to look at it from a perspective of “art” and one’s “creativity” rather than merely a subject or skill. Your understanding of technology is the “subject,” and the additional creativity you employ is “hacking.” 

Since technology will always be enhanced and applications will always be developed, there won’t be any boundaries to hacking. So this can never be referred to as a particular “subject.” 

This way, the organizations would understand that the number of firewalls, IDS/IPS, or traditional pen tests does not guarantee you foolproof hardened systems because there are no limits for creativity, and so it applies to hacking. 

TCE: From a bug bounty standpoint, India is not in the big leagues compared to countries like the USA, where all the major government bodies run bug bounty programs. Even though India has produced some of the most phenomenal ethical hackers, the Indian government does not provide equal opportunities for young talents to show their skills. Why do you think there is a trend like that in India?

Ankit Singh: Traditional pen testing is never going to guarantee you foolproof security. I have been at both sides of the profession, a full-time penetration tester and now a full-time bug hunter. And I’m absolutely aware that traditional pen tests are not capable enough to cover up all of your bugs. Because as I said earlier, “Hacking” is not a subject, but it’s just about the creativity you invest in.

You’re never too sure from where a cybercriminal would craft their creativity to intrude and breach into your systems. So I strongly believe that having a bug bounty program for your assets (rather be it in a staging environment if concerned about the real-time impact) would definitely help to uncover the never-seen-before security flaws. 

TCE: Do you have a prediction or hunch about how cybersecurity will change in the future? 

Ankit Singh: As I said earlier, technology will be ever enhancing and expanding, and so the scope of opportunity to intrude through the technology would also augment in parallel. With the sophistication in machine learning and AI, there would be a more complex but enhanced form of cyber security that would emerge.

Alongside, cyber threats would also grow in scale and complexity. So this war of cats and dogs will always remain a mainstream issue. As part of this cyber security community, our objective should be to “White Hat” the cyber world. 

Cybercriminals would 24*7 seek to strike our critical infrastructure and harm our economy. And as part of the crowd, I aspire to outsmart myself and the cyber world enough to evolve the true responsibility before a security breach.

Ashish Khaitan

Ashish is a technical writer at The Cyber Express. He adores writing about the latest technologies and covering the latest cybersecurity events. In his free time, he likes to play horror and open-world video games.

Comments 2

  1. Chitranjan Singh says:
    1 year ago

    Hello sir, can you write a book on hacking and in Indian version.

  2. rohit says:
    1 year ago

    I am curious about how to start, where to start for cyber?
