Application Security

Things You Must Know To Protect Your E-commerce Application

Introduction to Web Application Security: Several times a year your personal or work computer asks you to update its security features, despite worldwide spending on information security standing at around $80 billion in 2015. The World Wide Web has become a vulnerable place; the more sophistication and development it saw in […]

Yoosuf

Application Security

[INFOGRAPHICS] E-commerce Application Security- How To Protect Your Applications?

The more the e-commerce sector has flourished with the advent of technology in recent years, the more susceptible it has become to attacks. Smart hackers deploy a number of crafty techniques to steal data, including customer credit card information, phone numbers, etc. This information can be sold on the black market, which will earn […]

Yoosuf

Application Security, Technology

Exploiting ‘Export as CSV’ functionality: The road to CSV Injection

Many applications provide an option to download some data as a CSV file. More often than not, this downloaded data is user-controlled. For instance, take the scenario where an administrator can export the data of all the users as a CSV file. The fields in the file include the details filled in by the […]

Nikhit Kumar

Application Security, AWS, Technology

Why can a compromised Jenkins lead to a disaster?

I was recently searching for something on Google and came across this instance of what might be a logical vulnerability prevailing across multiple web applications. I was searching for publicly accessible Jenkins consoles through Google Dorking. My search query listed some of the websites that had Jenkins as a part of their domain name. Although this itself […]

Ankit Giri

Application Security, Technology

Android 6.0 (Marshmallow): What’s new in Security

Android has been the most used mobile operating system to date. With its huge base of end users, Android has been guilty of hosting numerous security-related bugs in the past. With the latest version, Android 6.0, namely Marshmallow, being released, I expected to see a few changes in the security model. Change in the permissions […]

Ankit Giri

Application Security, Technology

Abusing Password reset functionality to steal user data (Part 3)

We saw different implementations of password reset functionality, along with their best practices for ensuring application security, in the first and second blogs of the series. In this final blog of the series, we discuss the concept of Multi-Factor Authentication (One Time Passwords, i.e. OTP) for the implementation of a reset password […]

Nikhit Kumar

Application Security

Experience at X0RC0NF, 2015 – A security conference

Being a technology-focused company, TO THE NEW has always made its presence felt in major conferences around the world. This time, it was X0RC0NF in Cochin, India. I was invited to present my talk there and attend the conference as a speaker. The topic of my talk was “Anatomizing online payment systems: hack to […]

Application Security, Technology

An essence of Application Security in the Financial Sector

Digital innovation has been evolving and growing in the financial space over time. It is no secret that financial companies today see digital presence as a key component of their success. Customers can now manage their finances from anywhere and at any time using these digital offerings. But this raises a serious issue. With […]

Nikhit Kumar

Application Security, Technology

An essence of Application Security in E-commerce

Hackers and cyber criminals identify E-commerce sites as a source of information such as credit card numbers and other PII (personally identifiable information). To protect customers, it is necessary to know how to protect the application and the sensitive customer data it holds. All this involves the user’s trust in and assurance of the brand, and yes, it is at […]

Ankit Giri