Application Security, AWS

The A to Z of Public Cloud Security Tools

You may wonder why an arrangement of servers, constructed of hard metal, which tend to run hot and weigh thousands of pounds, is called a “cloud”? This can be propped up only by an engineering diagram, in which data travels by an undefined pathway from beginning to end. So, the cloud refers to the randomized packet transfer protocol...

by Ranvijay Jamwal
Tag: Grails Security
10-Jun-2016

Application Security, Technology

Android 6.0 (Marshmallow): What’s new in Security

Android has been the most used mobile operating system to date. With the huge base of end-users, Android has been guilty of hosting numerous security-related bugs in the past. With the latest version of Android 6.0, namely Marshmallow, being released, I expected to see a few changes in the security model. Change in the permissions...

by Ankit Giri
Tag: Grails Security
26-Nov-2015

Application Security

Experience at X0RC0NF, 2015 – A security conference

Being a technology focused company, TO THE NEW has always made its presence felt in major conferences around the world. This time, it was X0RC0NF in Cochin, India. I was invited to present my talk there and attend the conference as a speaker. The topic of my talk was "Anatomizing online payment systems: hack to shop", majorly focusing on...

by Abhinav Mishra
Tag: Grails Security
19-Oct-2015

AWS, DevOps

Unifying control of multiple AWS accounts by using AWS STS

Recently, we came across a scenario where we needed to create AMIs of multiple production servers running in four different AWS accounts. One solution was to create an automation script to be run on an AWS EC2 instance running in each AWS account, which would create an AMI of all production servers running in each account. This would have...

by Navjot Singh
Tag: Grails Security
09-Oct-2015

Application Security

An essence of Application Security in Healthcare Sector

Hackers and cyber criminals identify healthcare organizations as a source of assets, similar in a way that a bank has monetary assets. In case you have any doubt about the previous statement, I would like to reassure you that healthcare information has a monetary value and worth. And yes, it is at risk. What is wrong with the Healthcare...

by Ankit Giri
Tag: Grails Security
06-Oct-2015

Application Security

Abusing Password reset functionality to steal user data (Part–2)

In continuation to my last blog about possible attacks on a password reset functionality, this part of the same series will look into below two implementations:
• Email sent with a temporary password or current password
• Secret questions asked and then given the option to reset the password
I will mention possible issues which...

by Abhinav Mishra
Tag: Grails Security
29-Sep-2015

Application Security, Technology

OpenSSL Vulnerability (CVE-2015-1793) and Remediation

A high-severity vulnerability was announced by OpenSSL. This vulnerability is marked as CVE-2015-1793. Common Vulnerabilities and Exposures is a system that provides a reference-method for publicly known security vulnerabilities and exposures. This blog explains OpenSSL Vulnerability (CVE-2015-1793) and Remediation. OpenSSL Team released...

by Ankit Giri
Tag: Grails Security
27-Jul-2015

AWS, DevOps

Jenkins – Implementing Project-based Matrix Authorization Strategy

In one of my recent projects, while working on Jenkins, I was required to create and implement a Project-based Matrix Authorization Strategy. Installation of Jenkins is a simple task, but it took me a while to implement this strategy and later I found it quite easy enough and thought of writing a blog. Project-based Matrix...

by Navjot Singh
Tag: Grails Security
09-Jun-2015

Application Security, Grails

Spring Security & Grails: Cross domain authentication from HTTP to HTTPS

We were trying to implement SSL-based login and registration (i.e. HTTPS) in an e-commerce web application which was otherwise using the non-secure protocol (i.e. HTTP) for the entire website. Instead of moving the entire web application to SSL, which would have increased response times, we thought it would be best if only the...

by Roni C. Thomas
Tag: Grails Security
01-Oct-2013

Grails

Handling Instance Based Security

In my current project, we were required to implement Instance Based Security. The idea was to find a clean solution separate from the main business logic of the application. We took a clue from the Spring Security Plugin to use the Annotations to do our job. All we wanted to do was to develop annotations for actions, which could help to...

by Imran Mir
Tag: Grails Security
06-Apr-2011

Grails

Working With REST Call…

Recently I got an opportunity to work on making some parts of an application RESTful with secured access. It has been a good learning experience so far and encouraged me to write a blog on it. What I have done is nothing new but I never got things at one place in clear terms. So here is my effort to shed some clarity on it and hope that...

by Sachin
Tag: Grails Security
28-Apr-2010