Security Articles

All you need to know about 3D secure Protocol

3D Secure is an XML-based protocol designed to add a layer of security to internet payments made with cards. It is intended to reassure the cardholder by providing a sense of security and to reduce fraudulent transactions made with stolen credit card details. 3D Secure is offered under the brands Verified by Visa (VBV) and MasterCard SecureCode (MSC).

We need to understand how 3D Secure plays an important role in the payment gateway, and why: with online transactions increasing, every cardholder expects to initiate a transaction online to pay for an online purchase.

Internet Payment

Security: No More A NON-FUNCTIONAL Requirement

Information is the heart of any business, be it banking, medicine, healthcare, insurance, retail, etc. Hence it becomes imperative for any business and its enablers to protect that information. This is how the concept of information security was conceived. Information security keeps the Confidentiality, Integrity, and Availability of information intact. With evolving trends in the industry, security requirements emerged over a period of time, including the few listed below:

1. Authentication and password management
2. Authorization and role management
3. Audit logging and analysis
4. Network and data security
5. Code integrity and security testing
6. Cryptography and key management
7. Data validation and sanitization
8. Third party component analysis

Homomorphic Encryption : Is it a newbie in the field of data security?

Cryptography and data protection have been around since ancient times: from the earliest adoption by Julius Caesar (the Caesar cipher), which used substitution to keep messages secret, to Germany's use of the Enigma machine to protect communication during the Second World War, to the latest symmetric and asymmetric cryptographic ciphers.

Nowadays, encryption is used not only to protect military communication but also to protect personal information. Data is everywhere, stored on billions and billions of computing devices, driving the need to protect it from unauthorized access, theft, and misuse. Governments and industries across the world have put a lot of focus on data privacy and protection. The recent implementation of GDPR is a huge step in that direction.

Spear Phishing: The Trending Cyber Security Threat

As we are all aware, phishing in general refers to scams that attempt to trick the recipient into providing confidential information, such as account credentials, to the attacker. It is usually conducted by sending malicious emails to as many people as possible; the attackers know that the more people they reach, the greater the number of victims.

Spear phishing, on the other hand, is "an email targeted at a specific individual or department within an organization that appears to be from a trusted source".

Access Recertification and its importance

Access review, or access recertification, is an ongoing process of auditing user access privileges to determine whether the access rights are valid and/or necessary. The accumulated access privileges of current and former employees, along with those of contractors, third party vendors and other temporary workers, pose the biggest security risk in an organization. Hence it is mandatory to have proper and periodic access reviews built into the process.

Serverless Applications and Vulnerabilities

In this post, I shall be discussing the vulnerabilities of a comparatively new concept called "serverless applications". Before we proceed with the discussion, the question that might come up is: what is a serverless app? (At least that was the question which bothered me initially: how can an app be used without being hosted?) So I shall first discuss this concept in short and then come back to the original concern, vulnerabilities in serverless apps. (Please skip the first part if you are already aware of it.)

Serverless Application

This concept emerged in 2015 (although others claim it dates to 2012). It can be called the next stage of virtualization: the journey runs from physical servers to virtual machines to containers and now to serverless applications. At each stage, the number of instances goes up and their lifespan becomes shorter.

Cryptojacking: Are You Protected Enough?

Cryptojacking is the unauthorized use of your device, e.g. computer, smartphone or tablet, for mining cryptocurrencies. The most intriguing part is that you might remain completely unaware that your system is being used as a cryptocurrency mining device, because it is designed to stay hidden from the user. The user might experience high CPU usage, slowness and overheating of the system without realizing that it is being used by someone else to mine cryptocurrencies.

Cloud Security and Privacy

Cloud computing is an emerging technology because it provides the attributes listed below.

Multitenancy: it is based on a business model in which resources are shared, i.e. multiple users can use the same resource at the network level, host level and application level.

Massive scalability: it provides the ability to scale to tens of thousands of systems, as well as the ability to massively scale bandwidth and storage space.

Elasticity: computing resources can rapidly increase or decrease as needed, and can be released when they are no longer required.

Pay as you go: users pay for the resources they actually use, and only for the time they require them.

Self-provisioning of resources: users provision resources themselves, such as additional system capacity (processing capability, software, storage) and network resources.


Common Pitfalls in Security Testing & Proactive Measures for Mitigation

The successful execution of a penetration testing activity or a testing program lies in our attitude: whether we perceive it as a purely technical task or as a functional, process-oriented approach. Hackers mostly go in with a technical mindset, aiming to break into the application or infrastructure element through automated scanners and manual scripts. However, responsible penetration testing subject matter experts rendering services to various clients cannot afford to just wear a hacker's hat; they need to play the game in a much more methodical and oriented way. The aim is still to identify vulnerabilities in the target asset, but in a streamlined manner, so that the technical activity becomes an inherent subset of the overall process-oriented, functional approach.

Relying on antivirus? Bypassing antivirus is easier than you think

When it comes to securing a system, especially a Windows machine, people often rely on antivirus alone. Most people assume that having an antivirus installed will be enough to protect their machines from malicious programs and cybercriminals. It is true that antivirus programs are getting smarter every day, and antivirus vendors are working very hard to improve detection rates and reduce false positives. The same applies to the cybercriminals: every day the internet is flooded with tutorials that explain how to evade antivirus programs. Some methods involve advanced techniques like changing the behavior of the payloads and encrypting them, while others require just running some simple tools. Let us explore one of the simplest methods that can bypass popular antiviruses like McAfee, Kaspersky, etc.
