LATEST POST

6 Results tagged on "policy":

Implement "security.txt" to advocate responsible vuln. disclosures

After discussing CAA record in DNS to whitelist your certificate authorities in my previous article, do you know it's a matter of time that someone finds an issue with your web-presence, website or any front-facing application? If they do, what do you expect them to do? Keep it under the wrap, or disclose it to you "responsibly"? This article is for you if you advocate the responsible disclosure; else, you have to...
Read more

Restrict Certificate Authorities (CA) to issue SSL certs. Enable CAA record in DNS

It's been a long time since I audited someone's DNS file but recently while checking a client's DNS configuration I was surprised that the CAA records were set randomly "so to speak". I discussed with the administrator and was surprised to see that he has no clue of CAA, how it works and why is it so important to enable it correctly. That made me wonder, how many of us actually know...
Read more

An Interview by Timecamp on Data Protection

A few months back I was featured in an interview on Data Protection Tips with Timecamp. Only a handful of questions but they are well articultated for any organisation which is proactive & wants to address security in corporations, and their employees' & customers responsibilities. -- How do you evaluate people's awareness regarding the need to protect their private data? This is an exciting question as we have often faced challenges during data protection...
Read more

Don't be a security snob. Support your business team!

There have been many a times that access controls have been discussed in the meetings related to web development. With an interconnected world of APIs it is very important to understand the authentication of these end-points. One of the best approach I always vouch for is mutual authentication on SSL certificates (or 2 way SSL). Most of the times it is viable but it fails when either of party couldn't support it (hence not...
Read more

Digital Authentication and Password Rules by NIST

Passwords are important and it's no secret that we are bad in finding complex passwords during sign-up processes. The initial idea of OneID, or OAuth is not doing very well for the common user, and therefore people are registering on 100s of websites - commercial, social networks, banks etc. without managing well with password complexities. While the tools to crack 8-10 characters passwords are speeding up the process, people are still resenting to keep...
Read more

Employers investing in Social media Policy

While the topic may sound too dramatic, but this may soon shape into a legal IP rights (ref: Intellectual Property) issue in coming times. Over the last few years, there has been a constant change in the firm’s outlook about our personal cyber life. Some firms I know have been very aggressive in putting a strict policy upfront, at the time of joining. We are pushing our social IQ, and increasingly becoming more...
Read more