Best Practices

Key Security Learnings from Bangladesh Bank hack !!!


About the Bangladesh Bank hack - The attackers who stole $81 million from the Bangladesh central bank probably hacked into software from the SWIFT financial platform that sits at the heart of the global financial system.

Key Security Learnings - (these can easily be mapped to the OWASP Top 10 attacks)

12 Best practices to secure your data from cyber criminals


Ransomware, a serious form of extortion, is a malware attack in which the attacker encrypts the victim's data, making it unavailable to the victim, and demands a ransom for the decryption key. This type of attack has gained prominence as reputable organizations have been victimized.

Protect yourself from ransomware

The following proactive measures can help you secure your data from cyber criminals.

1. Regular Data Backup

A regularly updated backup is the one measure that lets an organization refuse to give in to a ransomware attack. Ransomware has been observed to encrypt mapped drives as well, so backups should be made regularly to an external drive that is not assigned a drive letter. Disconnect from the backup service once the backup completes, and reconnect only when it is required.

Are you safe from DROWN attack ?


DROWN stands for "Decrypting RSA with Obsolete and Weakened Encryption." You should not panic about DROWN, but affected applications do need to be remediated. It is a serious vulnerability that affects HTTPS, which relies on SSL and TLS. Everyone on the Internet uses these protocols to browse the web, send email and exchange instant messages, and they are what prevents third parties from reading the communication. By breaking the encryption, this attack allows an attacker to read or even steal sensitive communications, which may include passwords, credit card information and trade secrets.

The attack is not insignificant and can be launched against high-value targets. Before you work on remediation, first check whether your systems are vulnerable at all. Fortunately, remediation is simple and straightforward: disable SSLv2 on all of your servers.

Why is data collection the most critical part of all the e-Discovery phases (EDRM)?


Data collection is the most important and critical of all the e-Discovery phases because it involves direct interaction with live or archival data. Usually, all relevant data is searched for across sources such as live servers, backups, workstation hard disks, file servers, mobile devices, Windows file systems and others.

Data collection is a multifaceted job in every e-discovery process. Solid technical resources and expertise are required to collect exactly the right data.

Who is part of the collection team?

e-Discovery specialists, paralegals, legal assistants, data processors, IT consultants, IT experts or vendors form the data collection team, and a great deal of planning is required before collection starts.

Stuart shows a small picture of information security to Grin

Stuart and Grin are childhood friends who met again after a long time, and both talked about their professional lives.
Stuart: Which company are you working in, and in which domain?
Grin: I am working in ABC company, currently as a Java developer. What about you?
Stuart: I am working in XYZ company in Application/Network Security.
Grin: Security!!! What exactly is that, and which things are covered by it?
Now, Stuart answers...

Effectiveness of Digital Certificate based authentication

Authentication is the process of validating the identity of someone or something. In most web applications, authentication is done using user names and passwords. However, this method does not provide adequate security for the application, because passwords are guessable and user names are often predictable, such as a combination of the user's first and last name.

To strengthen the authentication process, authentication factors have evolved. They fall into three categories.

1. Something you know: PINs, passwords, etc.

2. Something you have: tokens, soft cards, digital certificates, etc.

3. Something you are: fingerprint, facial or voice pattern, etc.

BYOD Implementation: Are you aware of the governance, policies, risks, controls and compliance measures?


Advances in mobile technology, the affordability of smartphones and tablets, and cheaper high-speed internet have made working from anywhere at any time possible. This drives enterprises to introduce a Bring Your Own Device (BYOD) culture across the globe. This article describes the risk elements of using BYOD, the set of governance measures and policies to be implemented, and the list of controls to be deployed before implementing BYOD.

CIA Triad

Over time, enterprises have improved their capability to handle business and technology risks through vast experience, lessons learned during daily operations and the adoption of new technologies. The introduction of BYOD (Bring Your Own Device) has expanded the enterprise's boundaries, and bringing work onto personal devices creates turbulence and anxiety all around.

Security Controls to Deter Malicious Activity and Reduce Risk to Customer Data


When an enterprise outsources its software development, maintenance and production support activities, it is very important to protect the enterprise's customer data in order to avoid legal action and penalties against the primary enterprise. Any disclosure or modification of customer data, or its unavailability when it is required, may ultimately leave the enterprise responsible. This article discusses some critical challenges faced by enterprises and some important security controls that can help deter users from conducting malicious activity and reduce the risks to customer data.


How Can You Improve Application Scanning Coverage?

Enumerating a database or making a resource unavailable is not very difficult for a skilled hacker who abuses the loopholes present in an application.

This results in reputation damage and degrades the brand value of the organization.

To avoid such disastrous scenarios, organizations should adopt a defense-in-depth strategy for their web applications by eradicating all vulnerabilities present in any application, irrespective of severity.

Now the point is how to achieve this?

According to industry standards, one way to achieve this is to detect vulnerabilities using commercial scanners in parallel with the manual efforts of skilled security analysts.

According to the 2015 Gartner Magic Quadrant for Application Security Testing (AST), Static AST (SAST), Dynamic AST (DAST) and Interactive AST (IAST) are the types of security testing methods provided by top vendors.
