Information Security, SSAE 16, ISO 27001, CISA, Cert-IN
Anything under the umbrella of IT Security, Computer Security, IT Controls
Microsoft’s “IT Infrastructure Threat Modeling Guide” offers security advice.
Microsoft offers up security advice on how to fend off attacks against corporate IT resources by looking at ways that attackers can undermine an organization in its “IT Infrastructure Threat Modeling Guide”.
SQL injection is an attack on a web server which targets the database the web application is talking to. The aim of the attack is to trick the database server to run queries constructed by the attacker. These attacks can even effect database update or delete transactions.
Continue reading “Tech Terminology Demystified – SQL Injection”
A HTTP proxy can help you analyse the data that is sent back and forth between your browser and the websites you visit. It sits between your browser and the website you are visiting and it will hand you all the information that the browser is sending to the website. You have the option to even change the data that is being sent.
In many organizations, End users are generally found to have administrative privileges over their desktops and laptops. But this could turn out to be one of the most potent IT security risk faced by the organization. Continue reading “Cardinal Rule in IT Security – Remove admin rights for end users”
Day in and out we are reading and listening to news about how lost and stolen data, Virus attacks crippling organizations, unauthorized software that may contain malwares and so on. While it is impossible to eliminate IT risks altogether, certain steps can aid in placing less reliance on the persons and processes and more on technology. At the end of the day it is better to Push Security to End Users than to expect compliance. Continue reading “It doesn’t matter where the weakest link is as long as it exists.”
The perils of direct entry uploading into a database are well known … and the recent revelation by CBI on the modus operandi used in Satyam to book invoices is a grim reminder of this.
CBI has claimed to have unravelled through cyber forensic technique the modus operandi of Satyam in generating false invoices to show inflated sales. Continue reading “Direct Entry Upload – the Satyam Fraud Modus Operandi”
Conficker, also known as Downup, Downadup and Kido, is a computer worm targeting the Microsoft Windows operating system that was first detected in October 2008. The worm uses a combination of advanced malware techniques which has made it difficult to counter.
Experts say it is the worst infection since the SQL Slammer. Estimates of the number of computers infected range from almost 9 million PCs to 15 million computers, however a conservative minimum estimate is more like 3 million which is more than enough to cause great harm.
Malwares are malicious softwares that are created with a intention to damage information processing facilities. It is different from error in software which may cause the same end result but is not intentional. Malwares are written with a specific purpose to cause damage. What are the controls you can use for protection
Continue reading “Increasing threats from Malwares – Controls”
Cross-site scripting (XSS) is a type of security vulnerability typically found in web applications where attackers cause a web server to send a page that contains malicious HTML or other client side scripts to a victim’s browser.
Continue reading “Tech Terminology Demystified – Cross-site Scripting”
Public key cryptography as we know it is actually the outcome of efforts to solve a major issue with symmetric encryption systems (such as the DES)-key distribution. Concepts such as private key and public key represent the final step in the solution to the problem of key distribution. Continue reading “A History of Public Key Cryptography”