Traditional Pen Testing is Never Going to Guarantee Foolproof Security

by Ashish Khaitan
September 21, 2022 - Updated on January 20, 2023
in Interviews, Main Story

Ankit Singh is an independent cyber security researcher, ethical hacker, and bug hunter. He currently ranks among the Top 85 Bugcrowd researchers globally and bagged the second position in the global Live Hacking Event with Indeed at Vegas Bug Bash 2022.

Over the years, Singh has been involved in several cybersecurity audits for the Govt. of India as well as finding bugs for big organizations, such as Microsoft, Apple, Yahoo, Twitter, Amazon, Visa, Adobe, Mastercard, IBM, and Western Union among others. Awarded the second position in the Okta Bug Bash 2021, a global live hacking event conducted by Okta & Bugcrowd, Singh was also rewarded 750,000 MileagePlus miles from United Airlines for reporting security bugs within their bug bounty acquisition. In 2021, he won the “Most Interesting Bug” award for Okta Bug Bash.

In an exclusive interview with The Cyber Express, Ankit shares his journey as an ethical hacker, how he succeeded in his career, and what skill sets helped advance him in cybersecurity.

Here is an excerpt from the interview.

TCE: What myth would you like to dispel about ethical hacking or cybersecurity in general? 

Ankit Singh: From my personal experience, the carelessness of organizations for not having a definite cyber security plan or strategy is itself a big problem. Still, there are organizations living in a myth that no one is going to breach through their application or server, and they just don’t bother about it unless a breach actually takes place. 

I remember in my early days of ethical hacking, when I was not aware that something like bug hunting platforms existed, I had found some RCE sort of bugs in the production websites of some organizations. I remember I tried hard to find their contact and called them about the issue, and they just hung up the phone before I could even complete it. 

Maybe they didn’t bother, or maybe they were not too sure about what security breaches are about.

TCE: If you could teach the entire world just one security concept, what would it be?

Ankit Singh: There is no hotfix for social engineering. No matter how secure your applications and servers are, no matter the number of firewalls and IDS/IPS you have in your setup, there is no treatment for the foolish acts that we may do knowingly or unknowingly. There have been many case studies in the past where some critical hacks were accomplished solely on the basis of social engineering. There must be a proper awareness plan and strategy to tackle social engineering attacks too.

TCE: From a cybersecurity standpoint, how far does cybersecurity certification help individuals in their careers? What is your take on cybersecurity certification vs. self-learning?

Ankit Singh: As per my personal experience, today, the emphasis is more upon what one is capable of, about one’s skill set rather than the papers we’re holding. I’ve seen many successful ethical hackers and researchers coming from entirely different backgrounds and streams making an impact in the cybersecurity industry.

As far as the professional career goes, then today’s organizations tend to assess more of your industrial skill set rather than relying upon what your documents say. If you’re aspiring to join a research team or a product-based organization, then most of the time, it would be your skill set that would matter. 

If you’re opting for a service-based organization, then such organizations would need to outsource resources to their clients, so in such cases, your certifications may help. No doubt that certification may play as an add-on, but ultimately it’s your skill set that largely determines your career aspirations. 

TCE: What security incident or event had the most significant impact on your life? 

Ankit Singh: Prior to the epidemic, I was a regular participant of Null events. But afterward, I started following some of the presentations from the virtual conferences. The research presentations by James Kettle had the most significant impact on my security journey. His intense research in the field of web cache poisoning and HTTP desync attacks is just incredible and personally inspired me a lot.

TCE: What do you wish other people understood about ethical hacking and your work?

Ankit Singh: I wish I could help change the world’s perception towards “Hacking.” I want them to look at it from a perspective of “art” and one’s “creativity” rather than merely a subject or skill. Your understanding of technology is the “subject,” and the additional creativity you employ is “hacking.” 

Since technology will always be enhanced and applications will always be developed, there won’t be any boundaries to hacking. So this can never be referred to as a particular “subject.” 

This way, the organizations would understand that the number of firewalls, IDS/IPS, or traditional pen tests does not guarantee you foolproof hardened systems because there are no limits for creativity, and so it applies to hacking. 

TCE: From a bug bounty standpoint, India is not in the big leagues compared to countries like the USA, where all the major government bodies run bug bounty programs. Even though India has produced some of the most phenomenal ethical hackers, the Indian government does not provide equal opportunities for young talents to show their skills. Why do you think there is a trend like that in India?

Ankit Singh: “Traditional pen testing is never going to guarantee you foolproof security.” I have been at both sides of the profession, a full-time penetration tester and now a full-time bug hunter. And I’m absolutely aware that traditional pen tests are not capable enough to cover up all of your bugs. Because as I said earlier, “Hacking” is not a subject, but it’s just about the creativity you invest in.

You’re never too sure from where a cybercriminal would craft their creativity to intrude and breach into your systems. So I strongly believe that having a bug bounty program for your assets (rather be it in a staging environment if concerned about the real-time impact) would definitely help to uncover the never-seen-before security flaws. 

TCE: Do you have a prediction or hunch about how cybersecurity will change in the future? 

Ankit Singh: As I said earlier that technology will be ever enhancing and expanding, and so the scope of opportunity to intrude through the technology would also augment in parallel. With the sophistication in machine learning and AI, there would be a more complex but enhanced form of cyber security that would emerge. 

Alongside, cyber threats would also grow in scale and complexity. So this war of cats and dogs will always remain a mainstream issue. As part of this cyber security community, our objective should be to “White Hat” the cyber world. 

Cybercriminals would 24*7 seek to strike our critical infrastructure and harm our economy. And as part of the crowd, I aspire to outsmart myself and the cyber world enough to evolve the true responsibility before a security breach.

Comments 2

  1. Chitranjan Singh says:
    5 months ago

    Hello sir, can you write a book on hacking and in Indian version.

  2. rohit says:
    5 months ago

    I am curious about how to start where to start for cyber ??

© 2022 The Cyber Express (Cybersecurity News and Magazine) | By Cyble Inc.