Security Articles

What is IoT Forensics and How is it Different from Digital Forensics?

The Internet of Things (IoT) refers to a network of connected physical devices, smart home appliances, wearable electronic devices, embedded electronic items and similar objects, fitted with different types of sensors for seamless connectivity and transfer of data among them.

The Internet of Things has become very popular and has transformed various facets of life. Common examples of IoT devices include smart home accessories such as smart locks and sensors for temperature, ambient light, water and gas, and wearables such as smart watches, glasses, pacemakers and fitness gear. IoT also includes components such as M2M (machine-to-machine) communications, RFID sensors, and wearable and context-aware computing.

Learn How a Web Application Firewall Works

Web hacking is a rampant concern today. Almost daily there is news of a major web hack affecting a large corporation and its perceived cybersecurity defenses. People are left wondering how their own information can be safe if major corporate brands can be infiltrated. One rather underrepresented form of website protection is adding a web application firewall (WAF) to the web security profile.

13 Best Practices To Secure Your AWS!

Cloud is the buzzword everywhere these days, and almost every company, whether small or big, is aiming to become cloud-enabled or cloud-driven. Amazon Web Services (AWS) is the leading cloud service provider in the market, and many companies host all or part of their IT infrastructure on AWS.

Hosting infrastructure in the cloud also requires you to implement certain security measures to keep it safe from cyber threats and attacks. This article lists some of the best practices to consider when building and improving a secure AWS infrastructure.

This article assumes you have a basic understanding of AWS and the services it offers. If you are new to AWS, please see this link

Safeguarding Ourselves From Cyber-attacks: Best Practices

In these days of increased cyber-attacks, being aware of a single attack is not sufficient to keep ourselves safe. Attackers now combine several attack techniques to accomplish their objective. For example, phishing, credit card data theft, and malware are combined to carry out a single attack.

Still Confused What Bitcoin Is? Read This!

In the present world, money is the only measure of an individual's wealth, and it is considered legal if recognized by the central bank. Money is ‘a well-recognized paper’ signed by the authorized representative of the central bank and is thus considered legal tender. Until recently, money was recognized as the value on a piece of paper. However, in 2009 Satoshi Nakamoto introduced a set of programs which, when run on a computer (a process called mining), produced money protected by cryptography. Hence the name cryptocurrency was given to this program-earned currency, named Bitcoin. It is pertinent to mention that although the currency is not recognized by the central bank and cannot be exchanged for any commodity, it has posed a serious threat to central banks across the globe, as it can move across borders without government control.

SaaS Customer Security for Web Applications built on Azure Static HTML Architecture

Azure Static HTML Architecture provides SaaS providers with a ready environment to build, deploy, and operate Web applications, freeing the providers of the need to buy, build, and maintain the supporting infrastructure. See: https://docs.microsoft.com/en-us/dotnet/standard/modern-web-apps-azure-architecture/common-web-application-architectures .

Primary elements of the Architecture include:

Penetration Testing: An Important Security Checkpoint

Every organization conducts various types of security assessments to validate the security posture of its applications and network resources. However, each organization needs to choose the assessment methodology that best suits its own circumstances.

In this article, we will look at the different security assessment categories and gather brief knowledge of penetration testing types and techniques. Let's start with the assessment categories.

Security Assessment Categories

The security assessment is generally divided into three categories:

Learn DDE Injection Attack in 7 Steps!

Dynamic Data Exchange (DDE) is a protocol widely used by applications to exchange data between themselves. The protocol uses a client/server model in which the application asking for the data acts as the client and the application that fulfills the request acts as the server. DDE performs inter-process communication (IPC) using common shared memory to exchange data, and provides a specific set of commands and message formats for applications to interact with one another. DDE is very popular among applications like Microsoft Word, Excel, Lotus 1-2-3, Visual Basic, AmiPro, Quattro Pro, etc.

Security Incidents And Its Handling

Nowadays, there has been a striking increase in electronic communication between people, and this increased communication between people and machines is affecting every industry. Information systems are critical assets in any organization, and vulnerabilities in those systems can be exploited by attackers or malicious users to cause an incident that threatens security. As a result, there has been an increase in computer security incidents threatening the confidentiality, availability, and integrity of information. Such incidents can be caused deliberately, with malicious intent, or unintentionally.

Security Incident

An incident can be defined as any unexpected action, event or occurrence that has an immediate or potential effect. A security incident hampers the security and stability of information systems. There are several definitions of security incidents.

Learn The Difference Between Injection and Cross-Site Scripting Attacks!

Injection and cross-site scripting are the most common attacks in the OWASP Top 10.

Cross-site Scripting (XSS) refers to a client-side code injection attack in which an attacker can execute malicious scripts (also commonly referred to as a malicious payload) in a legitimate website or web application. XSS is among the most rampant web application vulnerabilities and occurs when a web application uses unvalidated or unencoded user input within the output it generates.

By leveraging XSS, an attacker does not target a victim directly. Instead, an attacker would exploit a vulnerability within a website or web application that the victim would visit, essentially using the vulnerable website as a vehicle to deliver a malicious script to the victim’s browser.

There are three types of cross-site scripting attacks:
