Best Practices

Interactive Application Security Testing : Things to know

Vulnerabilities in web applications are a major cause of security breaches and a persistent pain point for enterprises. Continuous monitoring of web applications is hard, especially as organizations adopt agile delivery to keep up with business demands. Traditional DAST and SAST are the widely known technologies that make web application security assessments easier to perform.

Cyber-security Definition?

Regardless of your role with respect to cyber-space, when you engage in any discussion of cyber-security, make sure everyone in the dialogue is working with the same definition. Doing so will help avoid confusion, conflict, and missed expectations.
If you browse the Web for a definition of cyber-security, you will get a wide variety of definitions. Some encompass the whole spectrum of IT and data security. All exclude the broader field of "information security", which would also cover information in non-electronic form. Some definitions limit the scope to cyber-space: the realm of connected computers, their transactional activities and data exchanges. Further, some limit the scope to malicious attacks, while others expand it to include all threats to networks, systems, applications, and data.

12 Best practices to secure your data from cyber criminals

Ransomware, a serious form of extortion, is a malware attack in which the attacker encrypts the victim's data, making it unavailable to the victim, and demands a ransom in exchange for the decryption key. This type of attack has gained prominence as reputable organizations have been victimized.

Protect yourself from ransomware

The following proactive measures can help you secure your data from cyber criminals.

1. Regular Data Backup

A regularly updated backup is the one measure that lets an organization refuse to give in to a ransomware demand. Ransomware is known to encrypt every drive it can reach, including mapped network drives, so backups should go to an external drive or service that is not assigned a drive letter, and the backup target should be connected only for the duration of the backup and disconnected afterwards. Keep several dated copies rather than overwriting a single one, and verify a copy before relying on it, so that a backup taken after the infection does not silently replace the last clean one.
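As an added illustration of the backup practice described above (example code written for this page, not from the original article), the routine below writes each backup into a new dated snapshot with a SHA-256 manifest, only attaches the backup target for the duration of the job, and picks the newest snapshot that still verifies rather than simply the newest one. The `connect`/`disconnect` hooks are hypothetical placeholders for mounting and unmounting the external drive, and the sample files in `demo()` are constructed here.

```python
import hashlib
import json
import shutil
import tempfile
import time
from contextlib import contextmanager
from pathlib import Path
from typing import Callable, Dict, List, Optional

MANIFEST = "manifest.json"


def sha256_file(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


@contextmanager
def connected_target(connect: Callable[[], None], disconnect: Callable[[], None]):
    """Attach the backup target only while the job runs.
    connect/disconnect are hypothetical hooks: in production they would mount the
    external drive (or log in to the backup service) and detach it again afterwards."""
    connect()
    try:
        yield
    finally:
        disconnect()


def create_snapshot(source: Path, backup_root: Path, label: Optional[str] = None) -> Path:
    """Copy source into a new dated directory (never overwrite an older one)
    and record a SHA-256 manifest of every file."""
    label = label or time.strftime("%Y%m%d-%H%M%S")
    snap = backup_root / f"snap-{label}"
    if snap.exists():
        raise FileExistsError(f"{snap} already exists; refusing to overwrite a backup")
    shutil.copytree(source, snap / "data")
    manifest: Dict[str, str] = {}
    for p in sorted((snap / "data").rglob("*")):
        if p.is_file():
            manifest[p.relative_to(snap / "data").as_posix()] = sha256_file(p)
    (snap / MANIFEST).write_text(json.dumps(manifest, indent=1, sort_keys=True))
    return snap


def verify_snapshot(snap: Path) -> List[str]:
    """Files that are missing or whose hash no longer matches the manifest.
    A file that ransomware encrypted in place or replaced shows up here."""
    manifest = json.loads((snap / MANIFEST).read_text())
    bad = []
    for rel, digest in manifest.items():
        p = snap / "data" / rel
        if not p.is_file() or sha256_file(p) != digest:
            bad.append(rel)
    return bad


def latest_good_snapshot(backup_root: Path) -> Optional[Path]:
    """Newest snapshot that still verifies; restore from this one, not just the newest."""
    for snap in sorted(backup_root.glob("snap-*"), reverse=True):
        if (snap / MANIFEST).is_file() and not verify_snapshot(snap):
            return snap
    return None


def demo() -> dict:
    """End-to-end run on constructed sample data in a temporary directory."""
    work = Path(tempfile.mkdtemp(prefix="ransom-demo-"))
    source, backups = work / "source", work / "backups"
    source.mkdir()
    backups.mkdir()
    (source / "notes.txt").write_bytes(b"quarterly numbers\n")   # constructed sample
    (source / "sub").mkdir()
    (source / "sub" / "plan.md").write_bytes(b"# plan\n")          # constructed sample
    log: List[str] = []
    attach = lambda: log.append("mount")      # stands in for mounting the drive
    detach = lambda: log.append("unmount")    # stands in for unmounting it
    with connected_target(attach, detach):
        first = create_snapshot(source, backups, label="20240101-000000")
    with connected_target(attach, detach):
        second = create_snapshot(source, backups, label="20240102-000000")
    first_ok = verify_snapshot(first)
    # Simulate ransomware reaching the newest snapshot and encrypting a file in place.
    victim = second / "data" / "notes.txt"
    victim.write_bytes(bytes(b ^ 0x5A for b in victim.read_bytes()))
    tampered = verify_snapshot(second)
    good = latest_good_snapshot(backups)
    shutil.rmtree(work)
    return {"first_verify": first_ok, "after_tamper": tampered,
            "latest_good": good.name if good else None, "target_log": log}


if __name__ == "__main__":
    print(demo())
```

The manifest lives next to the data, so an attacker with write access to the backup could rewrite it too; in practice keep a copy of each manifest (or its hash) somewhere the backup target cannot reach, and exercise an actual restore from the chosen snapshot rather than trusting the hash check alone.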

Are you safe from DROWN attack ?

DROWN stands for "Decrypting RSA with Obsolete and Weakened Encryption." There is no need to panic, but the vulnerability must be addressed on affected systems. It is a serious flaw affecting HTTPS and any other service that relies on SSL/TLS, the protocols everyone on the Internet uses for web browsing, email and instant messaging so that third parties cannot read the communication. A server is exposed if it still accepts the obsolete SSLv2 protocol, or if its RSA private key is shared with any server that does: an attacker who records TLS connections can use the SSLv2 endpoint as an oracle to break their encryption and read or steal sensitive communications, including passwords, credit card details and trade secrets.

The attack is not cheap, but it is practical against high-value targets. Before you start remediating, first confirm whether your systems are vulnerable: test every service that uses the same certificate or private key, not just the HTTPS port, since an SSLv2-enabled mail server sharing a key with a TLS-only web server still exposes the web server. Fortunately, remediation is simple and straightforward: disable SSLv2 on every server you operate, and make sure no remaining SSLv2-capable service shares a private key with your TLS servers.
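To make the "first confirm whether your systems are vulnerable" step concrete, here is an added example (written for this page, not from the original article or any published scanner) of the check a DROWN scanner performs: it sends an SSLv2 CLIENT-HELLO that offers every SSLv2 cipher kind and decides from the server's first reply whether the server spoke SSLv2 back. The message layout follows the SSLv2 specification; the sample responses used in testing are constructed here, and `check_sslv2` is the only function that touches the network.

```python
import os
import socket
import struct
from typing import Optional

# Cipher-kind codes from the SSLv2 specification. The export-grade entries are
# the ones that make a server the cheapest oracle for a DROWN attacker.
SSLV2_CIPHER_KINDS = {
    b"\x01\x00\x80": "SSL2_RC4_128_WITH_MD5",
    b"\x02\x00\x80": "SSL2_RC4_128_EXPORT40_WITH_MD5",
    b"\x03\x00\x80": "SSL2_RC2_128_CBC_WITH_MD5",
    b"\x04\x00\x80": "SSL2_RC2_128_CBC_EXPORT40_WITH_MD5",
    b"\x05\x00\x80": "SSL2_IDEA_128_CBC_WITH_MD5",
    b"\x06\x00\x40": "SSL2_DES_64_CBC_WITH_MD5",
    b"\x07\x00\xc0": "SSL2_DES_192_EDE3_CBC_WITH_MD5",
}

SSLV2_VERSION = 0x0002
MSG_CLIENT_HELLO = 0x01
MSG_SERVER_HELLO = 0x04


def build_client_hello(challenge: bytes = b"") -> bytes:
    """SSLv2 CLIENT-HELLO record offering every SSLv2 cipher kind."""
    if not challenge:
        challenge = os.urandom(16)
    cipher_specs = b"".join(SSLV2_CIPHER_KINDS)
    body = (
        bytes([MSG_CLIENT_HELLO])
        + struct.pack(">H", SSLV2_VERSION)
        + struct.pack(">HHH", len(cipher_specs), 0, len(challenge))  # no session id
        + cipher_specs
        + challenge
    )
    # Two-byte record header: high bit set means "no padding", low 15 bits are the length.
    return struct.pack(">H", 0x8000 | len(body)) + body


def parse_server_hello(data: bytes) -> Optional[dict]:
    """Parse an SSLv2 SERVER-HELLO; return None for anything else.
    A TLS-only server answers with a TLS alert record (0x15 0x03 ...) or just closes."""
    if len(data) < 2 or not data[0] & 0x80:
        return None
    rec_len = ((data[0] & 0x7F) << 8) | data[1]
    body = data[2 : 2 + rec_len]
    if len(body) < 11 or body[0] != MSG_SERVER_HELLO:
        return None
    # body[1] = session-id-hit, body[2] = certificate type, then four 16-bit fields
    version, cert_len, cipher_len, conn_id_len = struct.unpack(">HHHH", body[3:11])
    if len(body) < 11 + cert_len + cipher_len + conn_id_len:
        return None
    raw = body[11 + cert_len : 11 + cert_len + cipher_len]
    ciphers = [SSLV2_CIPHER_KINDS.get(raw[i : i + 3], raw[i : i + 3].hex())
               for i in range(0, len(raw), 3)]
    return {"version": version, "cert_len": cert_len, "ciphers": ciphers}


def is_drown_exposed(response: bytes) -> bool:
    """True when the server negotiated SSLv2 and offered at least one cipher."""
    hello = parse_server_hello(response)
    return hello is not None and hello["version"] == SSLV2_VERSION and bool(hello["ciphers"])


def check_sslv2(host: str, port: int = 443, timeout: float = 5.0) -> bool:
    """Probe one service. Run it against every port that uses the same RSA key
    (SMTP/IMAP/POP over TLS included); a clean HTTPS port alone proves nothing."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(build_client_hello())
        try:
            response = sock.recv(4096)
        except socket.timeout:
            return False
    return is_drown_exposed(response)


if __name__ == "__main__":
    import sys
    host = sys.argv[1] if len(sys.argv) > 1 else "localhost"
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 443
    print(f"{host}:{port} accepts SSLv2: {check_sslv2(host, port)}")
```

Only the raw socket is used because modern TLS libraries, including Python's `ssl` module, no longer speak SSLv2 at all, so a "does my client connect?" test cannot reveal the problem. A negative result from one port is not a clean bill of health; the private key is what matters, so probe every service that holds it.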

Why data collection is most critical part in all e-Discovery phases (EDRM) ?

Data collection is the most important and critical phase of e-Discovery because collection involves direct interaction with live or archival data. Relevant data usually has to be searched for across many sources: live servers, backups, workstation hard disks, file servers, mobile devices, Windows file systems and others.

Data collection is a multifaceted job in every e-discovery process. Solid technical resources and expertise are required to collect exactly the right data.

Who is part of the collection team?

e-Discovery specialists, paralegals, legal assistants, data processors, IT consultants, IT experts or vendors make up the data collection team, and a great deal of planning is required before the collection itself begins.

Stuart shows a small picture of information security to Grin

Stuart and Grin are childhood friends who met after a long time and are talking about their professional lives.

Stuart: Which company are you working for, and in which domain?

Grin: I work for ABC company, currently as a Java developer. What about you?

Stuart: I work for XYZ company in Application/Network Security.

Grin: Security!!! What exactly is that, and what does it cover?

Now, Stuart answers...

Effectiveness of Digital Certificate based authentication

Authentication is the process of validating the identity of someone or something. In most web applications, authentication is done with user names and passwords. On its own this method does not provide adequate security, because passwords are often guessable and user names follow predictable patterns, such as a combination of the user's first and last name.

To strengthen the authentication process, additional authentication factors have evolved. They fall into three categories:

1. Something you know: PINs, passwords, etc.

2. Something you have: tokens, soft cards, digital certificates, etc.

3. Something you are: fingerprints, facial or voice patterns, etc.

BYOD Implementation: Are you aware of the governance, policies, risks, controls and compliance measures?

Advances in mobile technology, the affordability of smartphones and tablets, and cheaper high-speed internet make it possible to work from anywhere at any time. This drives enterprises around the globe to introduce a Bring Your Own Device (BYOD) culture. This article describes the risk elements of BYOD, the governance and policies that need to be in place, and the controls to deploy before implementing BYOD.

CIA Triad

Over time, enterprises have built up the capability to handle their business and technology risks through experience, lessons learned in daily operations and the adoption of new technologies. The introduction of BYOD (Bring Your Own Device) extends the enterprise's boundaries, and bringing work onto personal devices creates turbulence and anxiety all around.

Security Controls to Deter Malicious Activity and Reduce Risk to Customer Data

When an enterprise outsources its software development, maintenance and production support, protecting the enterprise's customer data is essential to avoid legal action and penalties against the primary enterprise, which remains responsible for any disclosure, modification or unavailability of that data when it is required. This article discusses some critical challenges enterprises face and some important security controls that can deter users from malicious activity and reduce the risks to customer data.
