Application Security, Cloud

Top 10 Security Recommendations for Online Businesses

Recently, cyber attacks have been on the rise, and it seems that every other day businesses hit by these attacks are being forced to pay a ransom to protect themselves or go out of business. There are businesses that have shut shop, and there are businesses that have paid a ransom to secure themselves; however, that doesn’t guarantee...

by Shakti Singh Rathore
Tag: application security
10-Feb-2017

Application Security, Grails

How to Perform an Event on Successful Login via Spring Security in Grails

Some applications need to store and show the user's last login, which is quite common. With this feature a user can verify the last login date and time upon successful login. I would like to explain this through a use case: one of the administrative applications on Grails needed to hold the last login date and time of the user, so...

by Vaibhav Sharma
Tag: application security
03-Jan-2017

Application Security, Technology

Benefits of Using a Host-Based Intrusion Detection System

This blog discusses the utility and benefits of using a Host-based Intrusion Detection System (HIDS) tool, OSSEC, in your environment. A host-based intrusion detection system provides real-time visibility into what activities are taking place on the servers, which adds an additional layer of security. There are various tools available in...

by Prateek Malik
Tag: application security
27-Dec-2016

AWS, DevOps

Configuring Rate-Based Blacklisting of IPs using AWS WAF and AWS Lambda

One security challenge we face these days is how to protect our web servers from DDoS attacks. This blog illustrates how we can automatically block unwanted traffic based on request rate by using AWS WAF and Lambda. This setup automatically detects traffic based on request rate, and then updates AWS WAF configurations to block...

by Shruti Lamba
Tag: application security
26-Sep-2016

Application Security, Technology

How I discovered RCE through a Misconfigured plugin

We have seen a lot of applications where some sub-domains or sub-directories are publicly exposed (intentionally or by mistake). So, with experience from our past pentests, we have made a habit of testing for vulnerable or accessible sub-domains. During one such test, I was manually testing the URLs of different sub-domains of the...

by Ankit Giri
Tag: application security
13-Jan-2016

Application Security

Things You Must Know To Protect Your E-commerce Application

Introduction to Web Application Security: Several times a year your personal or work computer asks you to update its security features, despite worldwide spending on information security standing at around $80 billion in 2015. The World Wide Web has become a vulnerable place; the more it saw a lot of sophistications and developments...

by Yoosuf
Tag: application security
07-Jan-2016

Application Security

[INFOGRAPHICS] E-commerce Application Security: How To Protect Your Applications?

The more the e-commerce sector has flourished with the advent of technology in recent years, the more it has become susceptible to attacks. Smart hackers deploy a number of crafty techniques to steal data, including customer credit card information, phone numbers, etc. This information can be sold on the black market, which will earn...

by Yoosuf
Tag: application security
04-Jan-2016

Application Security, Technology

Exploiting ‘Export as CSV’ functionality: The road to CSV Injection

Many applications provide an option to download some data as a CSV file. More often than not, this downloaded data is user-controlled data. For instance, take the scenario where an administrator can export the data of all the users as a CSV file. The fields in the file include the details filled in by the users. So technically, the...

by Nikhit Kumar
Tag: application security
11-Dec-2015

Application Security, AWS

Why a compromised Jenkins can lead to a disaster

I was recently searching for something on Google and came across this instance of what might be a logical vulnerability prevailing across multiple web applications. I was searching for publicly accessible Jenkins consoles through Google Dorking. My search query listed some of the websites that had Jenkins as a part of their domain...

by Ankit Giri
Tag: application security
04-Dec-2015

Application Security, Technology

Abusing Password reset functionality to steal user data (Part–3)

We saw different implementations of password reset functionality to ensure application security, along with their best practices, in the first and second blogs of the series. In this final blog of the series, we will discuss the concept of Multi-Factor Authentication (One-Time Passwords, i.e. OTP) for the implementation of a reset...

by Nikhit Kumar
Tag: application security
17-Nov-2015

Application Security, Technology

An essence of Application Security in the Financial Sector

Digital innovation has been evolving and growing in the financial space over time. It is no secret that financial companies today see a digital presence as a key component of their company's success. Customers can now manage their finances from anywhere and at any time using these digital offerings. But this raises a serious issue. With...

by Nikhit Kumar
Tag: application security
19-Oct-2015

Application Security, Technology

An essence of Application Security in E-commerce

Hackers and cyber criminals identify E-commerce sites as a source of information, such as credit cards and other PII (Personally Identifiable Information). To protect customers, it's necessary to know how to protect the application and the sensitive customer data it holds. All this involves the user's trust and assurance in the brand and...

by Ankit Giri
Tag: application security
19-Oct-2015