Application Security, Technology

Why Payment Gateway Process Needs to be Tested?

A company that handles the transactions between two parties (i.e. merchant and customer) is called a payment processor. The payment is accomplished by passing on the payment information, such as a credit card or debit card, from the customer to the merchant’s preferred bank account. There are several payment processing companies functioning in...


Application Security, Technology

Deadliest Web Attacks and How to Shield from Them

Do you think your web application is sheltered and safe? Think again! 2016 was a year that saw some of the worst cyber attacks, whether it be the compromise of 32 lakh Indian bank debit/credit card records or Mark Zuckerberg himself having his Twitter and Pinterest accounts hacked. Cyber attacks are continuously...


Application Security, Technology

Ransomware – A CryptoViral Extortion Attack

Ransomware is malicious software that blocks access to data until a ransom is paid. An advanced type of ransomware encrypts the files on the system. Since it prevents the user from accessing their records, it can be considered a form of denial-of-service attack. To regain access to the files or to get the data decrypted, the victim is...


Application Security, Technology

What Lies Ahead of Web Attacks in 2017?

Being in the middle of the second quarter of 2017, we can already find a number of reports regarding web attacks, also known as cyber-attacks or cyber threats. Because the number of reported web attacks keeps rising, it is essential for people all over the world to be aware of the imminent attacks or threats. From the loss of...


Application Security, Product Engineering

XSS (Cross Site Scripting) Blog Series I Blog 1: Overview, Vulnerabilities and Types of Attacks

Have you witnessed a scenario where a trusted site gets injected with a malicious script? Well, this is commonly referred to as a 'Cross Site Scripting' attack. The XSS scripts injected into a site can leak sensitive data and information, including cookies, session tokens, and auth tokens. The vulnerability of the XSS attack is...


Application Security, Cloud

Top 10 Security Recommendations for Online Businesses

Recently, cyber attacks have been on the rise, and it seems that every other day businesses are being forced either to pay a ransom to protect themselves or to go out of business. Some businesses have shut shop, and others have paid the ransom to secure themselves; however, that doesn’t guarantee...


Application Security, Grails

How to Perform event on successful login via Spring Security in Grails

Some applications need to store and show the user's last login, which is quite a common requirement. With this feature a user can verify the last login date and time upon successful login. I would like to explain this through a use case: one administrative application built on Grails needed to hold the user's last login date and time, so...


Application Security, Technology

Benefits of Using a Host-Based Intrusion Detection System

This blog discusses the utility and benefits of using a Host-based Intrusion Detection System (HIDS) tool, OSSEC, in your environment. A host-based intrusion detection system provides real-time visibility into the activities taking place on the servers, which adds an additional layer of security. There are various tools available in...


Application Security, AWS

Security Best Practices

More and more organizations today realize how important it is to manage the security of their websites and applications, whether on the cloud or in on-premise datacenters. Organizations are rapidly adopting Hybrid Cloud models, in which managing security is of paramount importance. In order to cater to rapidly changing business...


Application Security, AWS

The A to Z of Public Cloud Security Tools

You may wonder why an arrangement of servers, built of hard metal, which tend to run hot and weigh thousands of pounds, is called a “cloud”. This can be propped up only by an engineering diagram, in which data travels by an undefined pathway from beginning to end. So, the cloud refers to the randomized packet transfer protocol...


Application Security, DevOps

Preventing cryptographic protocols from “DROWN attack”

DROWN is an abbreviation for Decrypting RSA with Obsolete and Weakened encryption and applies to servers that still support SSLv2. Just like Heartbleed, it may impact more than 11 million websites using OpenSSL. This blog explains how to protect cryptographic protocols from the "DROWN attack". What can this vulnerability do? DROWN...


Application Security, Technology

(In)Secure Authentication schemes in REST APIs

To make authenticated REST API calls in applications, developers use several authentication schemes. Some of them use the HTTP Basic Authentication scheme, and others, as per their needs (or wants), use custom authentication schemes. Now, it's good to experiment, but not at the cost of security. In this blog, we will look into the...