Cybersecurity Intelligence, Indexed
Threat briefings, practitioner playbooks, compliance guides, and deep dives — organised by topic so you can find what matters.
or browse by category below
Threat Intelligence 4 articles
Recent CVEs, active exploitation campaigns, and weekly intelligence briefings.
Incident Response Runbook: Data Exfiltration Under DPDP (India)
Data exfiltration incidents were difficult enough before the DPDP Act 2023. Now they carry statutory teeth: notification obligations to the Data Protection…
Incident Response Runbook: Credential Compromise & Session Hijack
Credential compromise rarely announces itself. Ransomware comes with a note; credential theft comes with a successful login from an unexpected IP, an…
Incident Response Runbook: Ransomware (Enterprise)
A ransomware incident does not give you time to plan. The first hour sets the trajectory of the next ninety days. Organizations…
VAPT 8 articles
Penetration testing methodology, scoping guides, and practitioner playbooks.
VAPT Report: What a Good One Actually Contains
What a good VAPT report contains, with an annotated 8-section template — serving CTO, engineer, auditor, and buyer audiences — and the red flags that signal a shallow engagement.
Network Penetration Testing: Internal vs External (2026)
Network penetration testing in 2026 — external vs internal scope, the cloud transition, tools that matter, common findings, and when traditional network testing still has the most value.
Mobile Application Penetration Testing: Android + iOS Guide (2026)
Mobile app pen testing for 2026 — Android vs iOS methodology, OWASP MASVS L2 coverage, common findings, platform-specific security features, and typical engagement shape.
Cloud Security 8 articles
AWS, Azure, GCP, and Kubernetes — configuration, IAM, posture management, hardening.
CSPM Tools Compared: Wiz, Orca, Prisma, Defender (2026)
Honest comparison of CSPM tools in 2026: Wiz, Orca, Prisma Cloud, Microsoft Defender, Lacework, plus open-source (Prowler, ScoutSuite, Trivy). How to choose for Indian SaaS.
Hardening a New AWS Account in 2 Hours (Runbook)
The 10-step runbook we use to harden a new AWS account from default state to production-defensible posture in about 2 hours. Commands, policies, and verification — not theory.
SOC 2 Readiness Assessment for Indian Cloud Startups (2026)
The honest guide to SOC 2 for Indian SaaS: what SOC 2 actually requires, the 8-stage readiness journey, the five failures we see most often, and the realistic cost and timeline.
Security Guides 9 articles
Deep-dive playbooks: Active Directory, startup fundamentals, enterprise hardening.
Threat Modeling for Multi-Tenant SaaS: The Isolation Boundary Problem
Multi-tenancy is not a security feature. It is an architectural choice with security consequences. Every B2B SaaS that shares compute, storage, or…
API Threat Modeling: From OpenAPI Spec to Attack Surface Map
APIs are where most SaaS breaches happen, and threat modeling is where most SaaS teams stop before reaching APIs. Developers who understand…
Threat Modeling for SaaS: STRIDE Applied to a Real B2B Product
Most B2B SaaS companies we work with have heard of STRIDE. Far fewer have actually threat-modeled a real product feature under production…
Compliance 7 articles
SOC 2, ISO 27001, PCI DSS, RBI frameworks — Indian regulatory mapping.
ISO 27001 Internal Audit: A Practitioner’s Checklist
Internal audit is the clause of ISO 27001 that fails silently. Startups complete the Annex A controls, draft the policy library, run…
ISO 27001 Statement of Applicability (SoA): How to Actually Write One
The Statement of Applicability (SoA) is the single document that separates a real ISO 27001 implementation from a cosmetic one. Every certification…
ISO 27001:2022 Implementation for Indian Startups: A No-BS Guide
ISO 27001:2022 is the framework every Indian startup claims to want and few actually finish. Founders procure the certificate thinking it is…