There has been a lot of buzz about Heartbleed in the news recently. In this blog post, we have tried to put together the important things that one should know about Heartbleed. What is Heartbleed? Heartbleed is the popular name given to the recently found vulnerability (CVE-2014-0160) in OpenSSL, an open-source encryption library. More specifically, this is a bug in the OpenSSL Heartbeat protocol which causes a vulnerable server to leak, or bleed, confidential content from its memory space (hence the name ‘Heartbleed’). What’s the Heartbleed bug? OpenSSL is the most popular open-source library providing implementations of various cryptographic functions and SSL/TLS...
Over the past decade, E-Commerce applications have grown both in number and in complexity. Currently, E-Commerce applications are becoming more personalized, more mobile-friendly and richer in functionality. Complicated recommendation algorithms are constantly running at the back end to make content searching as personalized as possible. Why is conventional application penetration testing not enough for E-Commerce applications? E-Commerce applications are growing in complexity; as a result, conventional application penetration testing is simply not enough. Conventional application penetration testing focuses on vulnerability classes described in OWASP or WASC standards, like SQL Injection, XSS, CSRF etc. (Read More: 5...
During the last few penetration tests conducted for certain organizations, we discovered a surprising fact: almost all the SIEM implementations had gaps at the implementation level. For example, in certain cases, the SIEM did not detect anything at all when the internal network was subjected to rigorous penetration testing. I am not saying that all SIEM implementations are as bad as stated; however, it is mandatory to find out if your SIEM implementation is actually as effective as you perceive it to be. (Read More: Is STORM Better Than HADOOP For Real Time Security Big Data Analytics?) How to find...
Bug bounty programs are quite common these days, with several of the biggest names in the industry having launched various avatars of the program. I have been asked by a few security managers and managements whether they should launch a bug bounty program. A bug bounty program definitely has the advantage of crowdsourcing. However, an organization should be mature and prepared enough to launch such a program. Here are some questions which shall tell you if you are prepared or not. You are ready only if all the answers to the questions are “Yes”. You are ready if you can...
“The Art of Starting Small” for implementing secure SDLC
March 27, 2014 · No comments
Business Logic Testing for SaaS and Cloud Applications
March 12, 2014 · No comments
Counter-measures against Man-in-the-Browser attacks – Part 2
February 27, 2014 · 1 comment
How sites can track you even if you delete your Cookies???
February 21, 2014 · No comments
Must Know Business Logic Vulnerabilities In Banking Applications
January 23, 2013 · 3 comments