Recently, cyber attacks have been on the rise, and it seems that every other day a business hit by one of these attacks is forced either to pay a ransom to protect itself or to go out of business. Some businesses have shut down entirely, and others have paid the ransom to secure themselves; however, that doesn't […]
Categories: Application Security, Grails, Technology
Some applications need to store and display a user's last login, which is a common requirement. With this feature a user can verify the date and time of their previous login upon a successful login. I would like to explain this through a use case: one of the administrative applications on Grails needed to hold the last login […]
Categories: Application Security, Technology
This blog discusses the utility and benefits of using a Host-based Intrusion Detection System (HIDS) tool, OSSEC, in your environment. A host-based intrusion detection system provides real-time visibility into what activities are taking place on the servers, which adds a further layer of security. There are various tools available in the market for this purpose: IBM […]
One security challenge we face these days is how to protect our web servers from DDoS attacks. This blog illustrates how we can automatically block unwanted traffic based on request rate by using AWS WAF and Lambda. This setup automatically detects traffic exceeding a request-rate threshold and then updates the AWS WAF configuration to block subsequent […]
Categories: Application Security, Technology
We have seen a lot of applications where some sub-domains or sub-directories are publicly exposed (intentionally or by mistake). So, based on experience from our past pentests, we have made a habit of testing for vulnerable or accessible sub-domains. During one such test, I was manually testing the URLs of different sub-domains of the application and […]
Introduction to Web Application Security: Several times a year your personal or work computer asks you to update its security features, despite worldwide spending on information security standing at around $80 billion in 2015. The World Wide Web has become a vulnerable place; the more sophistication and development it has seen in […]
The more the e-commerce sector has flourished with the advent of technology in recent years, the more susceptible to attacks it has become. Smart hackers deploy a number of crafty techniques to steal data, including customer credit card information, phone numbers, etc. This information can be sold on the black market, which will earn […]
Categories: Application Security, Technology
Many applications provide an option to download some data as a CSV file. More often than not, this downloaded data is user-controlled data. For instance, take the scenario where an administrator can export the data of all the users as a CSV file. The fields in the file include the details filled in by the […]
Categories: Application Security, AWS, Technology
I was recently searching for something on Google and came across an instance of what might be a logical vulnerability present across multiple web applications. I was searching for publicly accessible Jenkins consoles through Google Dorking. My search query listed some websites that had Jenkins as part of their domain name. Although this itself […]