Security Articles

Want to Learn About SSL Certificate: Here Is Everything You Need To Know!

Nowadays online shopping has become a million-dollar business and a place for fraudsters and hackers to swindle money from consumers' accounts. Data that is transferred in plain-text or otherwise non-encrypted form can be intercepted, compromised or stolen. For this reason, a Secure Socket Layer (SSL) certificate is a boon in this fast-changing security landscape. Organizations should therefore use such a certificate to secure their site if they wish to take online payments or expect their visitors to submit confidential information. This article describes what SSL is and how it works, along with its disadvantages.

Dark Web: What is TOR and How Does it Work?

When we hear the words Dark Web, we immediately associate them with something illegal. But what is the Dark Web and how does it work?

To understand it, we need to start from the surface.

Surface Web-

The surface web is the visible web. It primarily consists of static web pages which can be indexed by common search engines like Google, Yahoo, Bing, etc. So how does this work? Basically, the search engines crawl and index the various links present in a web application while searching for content. The retrieved information is mostly in the form of HTML files. But this searching technique misses a lot of content where a site uses dynamic web pages and a database for its data. To get this information, we need to dig a bit deeper.

Deep Web-

Is Your Enterprise Using B2C or B2B Services: Understand The Threat Landscape

B2B Threat Landscape

This section provides an overview of the threat landscape relevant to the B2B services of an enterprise. This landscape only covers the security threats pertaining to the infrastructure and network of enterprise business parties and third parties using B2B channels and services. It does not cover threats to external parties or business-level B2B risks such as fraudulent use of B2B services.

Fig.1 Current & Emerging B2B Threat Landscape

This primarily specifies the threats that are specific to B2B channels; however, third-party organizations may be subject to additional threats from different channels (e.g. B2C) and in turn may be used as a proxy to attack an enterprise infrastructure.

All you need to know about HTTP Response Splitting Attack

An HTTP Response Splitting attack occurs when a server script embeds user data in HTTP response headers. In this attack, a maliciously crafted HTTP request is sent to a vulnerable server. As a result, an output stream is formed that is interpreted by the target as two responses instead of one.

The most noticeable fact here is that the second response is totally controlled by the attacker, down to the last byte, while the first and notably less important response may be only partially controlled by the attacker.

Hence the three factors below are always involved.

Countering Future Threat To Encrypted Data: Quantum Key Distribution

Cybersecurity is one of the fastest-growing domains in the IT industry. Ensuring data security and safeguarding data privacy is the need of the hour. To speed up the protection of data against the extremely powerful computers of the future, a team of researchers from Duke and Ohio State universities and the Oak Ridge National Laboratory have devised a method for scrambling data to guard it against prying eyes, popularly referred to as quantum key distribution.

The problem with the earlier technology is its slowness, as transfer speeds are typically measured in kilobits per second. However, the researchers found a way to increase key transmission rates by between five and 10 times, bringing them into the megabit-per-second range. "Quantum Key Distribution", as titled, will be promulgating the counter mechanism to future threats to encrypted data.

How Do I Prevent DLL Hijacking?

A DLL, or Dynamic Link Library, is a file format that contains code and procedures for Windows applications, so that multiple programs can use the same information at the same time. The advantage of such an arrangement is that it saves memory. Also, a user can change the code used by multiple applications at once without changing each and every application.

What is DLL Hijacking?

In Windows applications, typically when an application is loading, it searches for DLLs that are not present or are not loaded securely (the full path of the DLL is not specified). If this is the case, then it is possible to perform a kind of privilege escalation called DLL Hijacking.

Masked Threat Right In Front Of You: Clickjacking

Clickjacking occurs when an attacker tricks a user into clicking on a button or link on another page when they were actually intending to click on the button or link of the top-level page.

A Clickjacking attack uses features of HTML and JavaScript to force the victim to perform an undesired activity, such as clicking a button that performs some other operation. This is a client-side security issue which affects a variety of browsers.


Suppose an attacker sends a link to a user that opens a website containing a button that says ">>WIN<<". However, on top of that page, the attacker has embedded an iframe with the user's Gmail account, and placed the "Delete Messages" button directly on top of the "WIN" button. The victim clicks on the "WIN" button but is actually tricked into clicking on the invisible "Delete Messages" button. The attacker has "hijacked" the user's click, hence the name "Clickjacking".

Kleptography: Employing Cryptography Against Cryptography

From the late 1980s until now, kleptography and the cryptosystems it targets have been under discussion mainly because of the threats they pose to the security domain, and innumerable scenarios have been documented describing the kinds of threats and attacks that it makes possible.

Although smart cards, trusted platform modules (TPMs), hardware security modules (HSMs) and other forms of smart devices claim to secure cryptographic keys from external intrusion, one can never be sure about the authenticity of what the black box claims. Penetrative attacks are therefore quite common in black-box cryptography. Furthermore, we can never be sure of what is happening after a black box is implemented via encapsulation.

How are JSON REST APIs prone to XML External Entity injection?

As we know, REST and SOAP are the technologies responsible for handling and carrying data in web services from client to server. Based on the requirement, the server parses or converts the requested data into its own format to process the request further. Developers implement either REST APIs or SOAP services based on the requirement; the two are completely different in nature but perform the same responsibility.

Beware: Hackers can breach the security of an application by exploiting weaknesses in SAML!

The Security Assertion Markup Language (SAML) is an open standard for sharing security information about identity, authorization, and authentication across different applications. SAML is implemented with the Extensible Markup Language (XML) standard for sharing data, and it provides a framework for implementing single sign-on (SSO) and other federated identity systems.
