Tuesday, June 1, 2010
Web Attackers will have a tough time now!
Monday, April 26, 2010
Security Professionals' Group
We're glad to have formed a group of professionals working in the area of information security. In our first meeting yesterday, which was conducted at K-Secure's office in Mumbai, we discussed Vulnerability Assessment services; the members shared their experiences of which vulnerabilities are commonly found and the challenges they face in closing them. There was also a demonstration of tools, which made it more interesting.
The meeting was supposed to last one hour, but there was so much excitement that we wanted to go on and on, and we finally decided to wind up after about 10 hours.
We have lots and lots of plans for the future of the group, so if you are interested in joining, please email spg@ksecure.net.
Wednesday, April 21, 2010
OWASP Top 10 - 2010 released
Want to get started with application security? OWASP (The Open Web Application Security Project) has released its list of the ten most critical web application security risks.
Top 10
------
A1: Injection
A2: Cross-Site Scripting (XSS)
A3: Broken Authentication and Session Management
A4: Insecure Direct Object References
A5: Cross-Site Request Forgery (CSRF)
A6: Security Misconfiguration (New)
A7: Insecure Cryptographic Storage
A8: Failure to Restrict URL Access
A9: Insufficient Transport Layer Protection
A10: Unvalidated Redirects and Forwards (New)
More on the Top 10 is given here - OWASP Top 10
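As an added illustration of one item on the list, A10 (Unvalidated Redirects and Forwards), the following Python is example code written for this page; it is not OWASP's code and not the blog author's. The application, its `next` query parameter, the allow-listed hosts and the sample URLs are all assumptions constructed for the example. It shows the weak pattern (using the parameter verbatim) beside a hardened validator that only follows same-origin paths or HTTPS URLs to allow-listed hosts and otherwise falls back to a fixed page.

```python
from urllib.parse import urlparse, urljoin

# Constructed allow-list of hosts this hypothetical application is willing
# to send a user to after login (assumption for the example, not a real site).
ALLOWED_HOSTS = {"www.example.com", "accounts.example.com"}
APP_BASE = "https://www.example.com/"


def unsafe_redirect_target(next_param: str) -> str:
    """Weak pattern: whatever the 'next' parameter says is used verbatim.

    A link that appears to stay on the site can send the user to any host,
    which is exactly what a phishing page relies on.
    """
    return next_param


def safe_redirect_target(next_param: str, default: str = APP_BASE) -> str:
    """Hardened pattern: accept only same-origin paths or HTTPS URLs whose
    host is on the allow-list; anything else falls back to a fixed default."""
    if not next_param:
        return default

    # Protocol-relative forms ("//host/...") and backslashes (treated as
    # slashes by some browsers) are rejected before any parsing happens.
    if next_param.startswith("//") or "\\" in next_param:
        return default

    parsed = urlparse(next_param)

    if parsed.scheme == "" and parsed.netloc == "":
        # A relative path: require a leading "/" and resolve it against our
        # own base so the resulting URL can only be on this origin.
        if next_param.startswith("/"):
            return urljoin(default, next_param)
        return default

    # Absolute URL: scheme must be https and the parsed hostname (which
    # ignores any "user@" prefix and port) must be on the allow-list.
    if parsed.scheme != "https":
        return default
    if parsed.hostname not in ALLOWED_HOSTS:
        return default
    return next_param


if __name__ == "__main__":
    # Constructed candidates, as a login handler might receive them.
    for candidate in ["/account", "//evil.example/", "https://evil.example/login",
                      "https://www.example.com@evil.example/", "javascript:alert(1)",
                      "https://accounts.example.com/login"]:
        print(f"{candidate!r:45} -> {safe_redirect_target(candidate)}")
```

The check deliberately uses `parsed.hostname` rather than string matching on the raw parameter, so a URL such as `https://www.example.com@evil.example/` is judged by the host that the browser would actually connect to.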
Friday, April 2, 2010
Facebook phishing through live chat with Ranbir Kapoor

I was hooked for a while on Ranbir's live chat for the Pepsi game on Facebook today. At the end of the session, I observed some messages informing users that Ranbir was still online and asking them to click on a link. Though the link looked legitimate, I did not want to trust it, so I ran my tools to do some investigation. Soon I found that it was taking me to another URL which included the word 'hacking'. Now I was very sure that it wasn't a genuine message. A little more into it and there came a page which looked exactly like the login page of Facebook. It did not need any further investigation, as it was very obvious that this was a phishing site looking for usernames and passwords.
Wednesday, March 31, 2010
GIAC recertification - taking exam is not the only option
I have been taking GIAC exams every time one of my GIAC certifications was about to expire, and I always wondered if they could come out with an alternative option like the CISSP's CPE approach. Well, the time has come: GIAC has finally made a major shift and given certified professionals some options. In short, they have a Certification Maintenance Unit (CMU) approach. You will need 36 CMUs to get recertified. The CMUs can be earned by publishing a technical research paper, completing information assurance related training, documented work experience, or GIAC / SANS community participation. For more information you can check their website - http://www.giac.org/certification-renewal/
Though you can escape the examination, you cannot escape the recertification fee of $399, which has to be paid irrespective of which option you choose for the recertification.
Saturday, February 13, 2010
Monday, February 16, 2009
Workshop at Cert-In
Cert-In had organized a one-day workshop on "Application Security : Latest Trends", which was conducted on 30th January, 2009. The objective of the workshop was to create awareness among Indian IT infrastructure and user organisations of the latest trends in application security. Delegates were from Government, corporate and critical sector organizations.
We were invited to present on Defense Mechanisms, where I gave an overview of the various ways of protecting web applications, with a particular focus on web application firewalls. My presentation is available here - WAS Defense Mechanisms