As of October 2024, NIS2 is legally mandatory, and to aid in preparation, the National Cyber Security Center has launched a self-evaluation tool. Organizations completing the self-evaluation can determine if they fall under the NIS2 directive and whether they are considered "essential" or "important" according to this directive for the functioning of society and/or the economy. Failure to comply with this law can result in legal consequences and potential fines. Therefore, it is crucial to make timely preparations and ensure that your organization complies with the requirements of NIS2.

Source code reviewing has gained significant popularity as an analytical method in recent times. Often, the review of source code with a security perspective is not utilized extensively in security assessments or pentests. Some organizations believe that malicious hackers cannot access the source code or consider source code reviewing too costly. 

At Hacksclusive, we strongly disagree with this opinion. It's not a matter of if you will be hacked, but when and how often. It is a reasonable assumption that, sooner or later, cybercriminals could access and potentially manipulate the source code. Reviewing the source code is the most effective and efficient way to identify as many vulnerabilities as possible. In this article, we delve into what source code review entails, its role in pentesting, its applications, and the advantages it offers.

When talking with our customers, we often notice that some terms are used interchangeably. Often borrowed from English or used incorrectly over time, the distinction between a vulnerability scan and a pentest becomes blurry. In this article, we aim to provide clarity on these two important aspects of improving cyber security. Because there is a significant difference between the two. And not knowing the difference could have an impact on your cybersecurity policy.