Published on: October 10, 2024
In a recent interview with SafetyDetectives, Babar Khan Akhunzada, Co-Founder and CEO of SecurityWall, and Hisham Mir, Co-Founder and CTO, shared insights into their journey in the cybersecurity industry. Babar, driven by a lifelong passion for ethical hacking, co-founded SecurityWall to address the growing security needs of businesses worldwide. Hisham, an expert in technical architecture and security, joined forces with Babar to develop a company that focuses on innovative penetration testing solutions, offering a hybrid Penetration Testing as a Service (PTaaS) model that combines AI-driven automation with human expertise.
Together, Babar and Hisham have led SecurityWall to become a trusted partner for companies across the globe, from Silicon Valley startups to SMEs in Europe. They emphasize their commitment to delivering deep auditing mechanisms that provide more than just surface-level assessments. By integrating advanced technology and manual expertise, SecurityWall aims to secure businesses with the same level of rigor applied to larger enterprises, making top-notch security testing both accessible and efficient.
Can you tell us a bit about your background and what led you to found SecurityWall?
I’ve always had a deep passion for cybersecurity, starting from when I was a teenager exploring ethical hacking and vulnerability assessments. Over time, I became increasingly aware of how critical cybersecurity is for businesses of all sizes. Founding SecurityWall came from a desire to address the growing security challenges organizations face, especially in best economic affordance, and particularly as digital transformation accelerates within the region. My vision was to build a company that not only focuses on offering high-quality security solutions and services but also innovates in how those services are delivered, making penetration testing and auditing accessible to startups and enterprises alike with top-notch quality, which we’ve achieved.
What makes SecurityWall unique in the penetration testing landscape compared to other providers?
SecurityWall sets itself apart through our hybrid Penetration Testing as a Service (PTaaS) model. While many firms offer standard pentesting services, we’re pushing boundaries by integrating AI, automation, and human expertise to provide a comprehensive security audit. This hybrid approach ensures that we’re not just detecting vulnerabilities but offering a true hacker’s perspective with deep auditing mechanisms that are both scalable and efficient. SecurityWall is one of the leading cybersecurity companies working with leading startups in Silicon Valley and trending SMEs in the Europe region.
SecurityWall is a young team equipped with CISSP, OSCP, OSWE, eJPT, eWJPT, CC, CISM, CEH, ECSA, CVA, GRC, GDPR and SOC-2 certifications. We’re also targeting a market that’s often underserved: startups and emerging enterprises, helping them secure their platforms with the same rigor applied to larger companies, while still being cost-effective. Our upcoming product will further enhance usability, and we aim to revitalize the PTaaS category by making security testing seamless and approachable for companies of all sizes.
What are some of the most common vulnerabilities your team finds during application penetration testing?
At SecurityWall, we focus on both business logic flaws and technical vulnerabilities. This holistic approach allows us to identify deeper issues that others might overlook. Recently, for instance, we discovered that a PCI DSS compliant startup was vulnerable to several financial attacks, despite adhering to compliance standards. In another case, we worked with a bank client in the Gulf region and found a critical flaw in their payment gateway, which allowed us to exploit the vulnerable code and simulate unlimited money transfers.
One particularly interesting case involved a SaaS trading application where we uncovered a breach on the dark web, which provided unauthorized access to their administrative dashboard. These examples highlight why we’re proud of our researchers and products. They don’t just catch surface-level issues, they provide deep inspections that make a real impact for our clients. By doing this, we protect the cyberspace before hackers can exploit these vulnerabilities.
We proudly claim that none of our clients went empty-handed when they subscribed to our services. We always create impact with the deep auditing and assessment skills our team is equipped with.
What are the main concerns or misconceptions clients usually have before undergoing penetration testing?
A common misconception is that penetration testing and audit is a one-time fix for security. Many clients come in thinking that after a single test, their systems will be foolproof. We always emphasize that cybersecurity is an ongoing process, and new vulnerabilities emerge as technology evolves. Another concern is the fear of disruption during testing—clients often worry that pentesting might impact their operations. We reassure them by explaining the controlled environments and best practices we follow to ensure minimal interruption.
How do you incorporate automation and AI into the penetration testing process, and do you foresee a greater reliance on them in the future?
Automation and AI are central to our hybrid PTaaS model. We use AI-driven tools for vulnerability detection and to automate repetitive tasks, such as scanning for known weaknesses. This allows our team to focus on more complex, targeted attacks that require human expertise. The future of pentesting will definitely see more reliance on automation, especially as threats evolve in scale and complexity. However, I believe human oversight will always be essential: machines can identify patterns, but human intuition and creativity remain unmatched in cybersecurity.
With the rise of cloud-native applications, are there specific security challenges you see increasing in importance for cloud-based services?
I agree. As more companies shift to cloud-native architectures, we’re seeing a rise in concerns around data breaches, misconfigured cloud environments, and insecure APIs. But cloud security shouldn’t be limited to the cloud; it should cover the hosted assets as well. Cloud services offer flexibility and scalability, but they also increase the attack surface. Multi-tenancy, improper identity and access management (IAM), and insecure DevOps practices can all introduce significant risks. Security teams need to be proactive in addressing these challenges, ensuring their cloud infrastructure is configured correctly and their applications are secure by design.