Security Articles

Shortest Way for GDPR Implementation Approach

In a GDPR implementation, bringing multiple products on any platform into compliance is very challenging. GDPR implementation is technically feasible, but how to ensure compliance across multiple environments is a concern. It is therefore essential to consider all factors when deciding on the architecture for GDPR implementation. At the same time, the respective team also has to deal with other issues that the implementation inherently introduces. Below are the key components that need consideration during GDPR implementation:

SafetyNet: A safeguard your android app needs – Part 2

In part one of this article, we discussed the SafetyNet Attestation API and how it works. In this article, we will do a deeper analysis and cover some more technical ground.

Bypassing SafetyNet Tamper Detection

One of the main disadvantages of rooting your Android system is that some useful applications, such as banking apps and payment-related apps, refuse to run on it. Additionally, some gaming and government apps also abort their execution the moment they detect a tampered state of the device. So, Android enthusiasts and independent researchers keep making attempts to break the security, and sometimes their work pays off. With the introduction of Android Marshmallow, researchers found a new method of rooting called “system-less root”. In the early days of this method, Android Pay (a payment app from Google) surprisingly started working on rooted devices.

How secure is your central part of the Internet - "DNS"?

The key building block of the Internet is the "DNS", or "Domain Name System" (also expanded as "Domain Name Server"). It converts domain names, e.g. "google.com", into IP addresses. So we can say DNS is a translator, so that we don’t have to memorize IP addresses to browse the Internet. The entire process is carried out via a local cache or the zone file that is present on the server.

How To Rate Security Incidents Effectively?

How you rate or prioritize a security incident is a key factor that determines the efficiency of an organization's security incident response. An effective incident severity rating system helps to separate critical incidents from minor threats. We may wonder how a single rating can impact the regulations and requirements that must be considered in incident response. The answer is that it is not the result but the process that matters, and the rating process can bring significant benefits to your organization.

Different organizations will have different methodologies on how to assign severity to a reported incident.

The major factors we need to consider when rating an incident:

Making Tran-sition a Tran-sensation – Addressing a Key Delivery Challenge

As mergers and acquisitions become more commonplace, changing service providers can be a key concern for diverse organizations. Transition services (moving from one service provider to another) are a notable challenge, and choosing the right service provider can prove to be a massive differentiating factor for successful delivery. The psychological and emotional attachment to your existing vendor and their delivery methods is superseded by the harsh realities of cost, quality and timeline. While this logic applies to any service transition, it becomes challenging and critical when it is associated with the transition and delivery of Information Security projects.

JSON Security

Hello security enthusiasts, I recently had an opportunity to attend a webinar on JSON security by ASPECT Security Inc. Here are excerpts from the webinar. Please spend some time going through the article to understand JSON and its security controls.

The agenda was an introduction to JSON and how it operates, past attacks against JSON-based applications, best practices and security controls, and the future of JSON. You may want to refresh your knowledge of SOP (Same-Origin Policy) and CORS (Cross-Origin Resource Sharing).

HackQuest 2.0 – Are you ready for the Challenge?

‘Before it was about intellectual curiosity and pursuit of knowledge and thrill and now hacking is Big business’ – Kevin Mitnick.

We lead a digital life today, where money is transferred at the click of a button and we order everything online, from cell phones to clothes and shoes to bread, butter and eggs. It is a digital life where data is power, and the loss or misuse of this data can bring down corporations. With recent ransomware attacks like WannaCry, Locky and others, cyber security has become the top priority for companies, as an attack not only results in revenue losses but also tarnishes the brand image.

Online Security Lock Down Your Login

The digital world is changing at a tremendous speed. New communication technologies open up new possibilities, but by using them you can also expose yourself, and others, to risks. Each individual now has an online presence that is no longer limited to having an email address. The use of social media platforms, the abundance of online shopping, and the move toward digital/online payments have opened the floodgates to security issues and cyber attacks.

Security researchers have been stressing the importance of having a secure online presence. We shop online. We work online. We play online. We live online. As our lives increasingly depend on digital services, protecting our information from being maliciously disrupted or misused is really important.

Here are six simple steps to gain peace of mind and more control over your online security:

Retest of Vulnerabilities (QIDs) in Qualys WAS

Once an application is scanned, vulnerabilities are reported. These vulnerabilities are reported to the application teams, who provide the remediation. Subsequently, the security team retests the reported vulnerabilities to verify the fix. The intent of this document is to record a step-by-step approach that will help in retesting the vulnerabilities. In Qualys, each vulnerability is tracked by a QID (Qualys Identifier) in the Qualys KnowledgeBase, so retesting a vulnerability means retesting the specific QID. A comprehensive step-by-step process for the retest is given in the attached document.

Authored By - Vikash Patnaik
TCS Cyber Security Community

End to end steps to protect a web application through Oracle Access manager

Here I have explained the steps we follow to protect a web application through an Oracle Access Manager (OAM) server. I have considered form-based login for this, where the login page is hosted at the application end. I have also assumed that the OAM server, the OID server (user store) and the OHS instance are already installed and are up and running.
