6 Results tagged on "cyberattack":

WAF and IPS. Does your environment need both?

I have been in a fair amount of discussions with management on the need for WAF and IPS; they often confuse them and their basic purpose. It is usually discussed after a pentest or vulnerability assessment: if I can't fix this vulnerability, shall I just put an IPS or WAF in place to protect against the intrusion/exploitation? Or, sometimes they are considered the silver bullet to thwart the attackers instead of fixing...

DDOS, it's time to turn your toasters off

Most of you are already aware of the fact that half of the internet went down (or slowed), when a 'bad-hackers' group weaponized 'millions of insecure IOT devices' to attack a DNS provider. Personally, from my browsing habits, I was largely affected by Twitter being dramatically slow, while other sites felt a little sluggish. Anyway, this brings us to a number of questions. Should I be surprised? I think NO. We knew this sh*...

NIST view on Cyber Threat Information Sharing

Reference: 800_150_Draft Document. Note: This article summarizes the draft paper, and may contain snippet(s) from it. I love you NIST (National Institute of Standards and Technology). I admire the contribution and knowledge available @NIST, and we all have gained a lot from these standards. Now, when I read the draft on “Cyber Threat Information Sharing” (SP800-150), my first reaction was – Oh good God, finally it's here! It's been so long I...

Verify before calling the attack as sophisticated!

These days I have been reading more and more about sophisticated cyber attacks. There are agencies that report cyber attacks as state of the art – too awesome to detect. But this news starts with a pointer to vectors like "spear phishing" or “social media privacy leak” or plugging in an unknown USB. Now to me, this is weird, because I don’t think any of these vectors point to “sophistication” in my...

Buckle up fellas! Are you ready for next Cyberattack?

Recently I came across the news of a hospital network being hacked, 4.5 million records stolen, and was shocked. Sometimes I wonder: is the offensive toolkit and mindset evolving stronger, or is the defensive side withering away? Of all the developers I have interacted with, very few understand the need for security. They always undermine their application and its scalability. If your application or environment is handling ‘any’ records more than 10,000 in number...

OWASP is a cheat sheet, not Bible

First of all, I am sorry to all my readers/subscribers that I haven’t been active on my blog. I know it's been a year now, and the reason was silly enough – I couldn’t get hold of a good blogging client for Mac OS. But now, thanks to Blogo, I am back in business. On my Windows box, Live Writer was my rescue, but since I shifted to Mac, I couldn’t...