Recommendations for TLS/SSL Cipher Hardening

Transport Layer Security (TLS) and its predecessor, Secure Sockets Layer (SSL), are widely used protocols designed to secure the transfer of data between the client and the server through authentication, encryption and integrity. Contrary to common assumptions, TLS/SSL is not only a widely used technology in websites and web applications (using the HTTP protocol), but […]


Sail Smooth with Cloud Threats, Part 2 – Cloud APIs

This is part 2 of a two-part series that continues to discuss cloud threats and how they affect web applications in the cloud. The following addresses insecure APIs and the management plane, deepening the threat landscape. Management Plane – Security Perspective: The cloud API management plane is one of the most significant differences between traditional computing […]


Domain Hijacking a.k.a. Domain Spoofing

Domain hijacking, or domain spoofing, is a type of attack whereby an organization’s domain is stolen by changing the registration of a domain name without prior authorization of the domain’s owner. Domain hijacking typically occurs with the intention of associating malicious content or phishing websites with a trusted, and otherwise legitimate, domain. Domain hijacking typically […]


GDPR: Data Controllers Be Prepared

As we delve deeper into the digital world of communication, from the perspective of privacy, the impact of personal data changes in proportion to the way we examine security. As organizations join this world, the normal methods that were employed to protect data have now become obsolete. This forces security professionals to shift […]


Sail Smooth with Cloud Threats – Cloud Security Issues

This is part 1 of a two-part series that introduces the cloud and the types of threats and cloud security issues that open web applications to compromise. The following post addresses hypervisor breakouts, also known as VM escape. Cloud Introduction: Cloud computing is the technology that equips organizations to fabricate products and services […]


Acunetix Receives Software Informer Editor’s Pick Award

Software Informer’s Editor Pedro Castro scores Acunetix Web Vulnerability Scanner 4.4 out of 5 points and awards it the Editor’s Pick Award for excellence. “All in all, there is no doubt that Acunetix Web Vulnerability Scanner belongs to the must-have group of security software. It provides strong protection against many types of menaces and vulnerabilities,” […]


What is Cryptojacking?

Cryptocurrencies have taken the world by storm in the past few years, making it hard to miss all the buzz around Bitcoin and blockchain technology. While cryptocurrencies are far from new to cybercriminals, cryptojacking opens up new ways for attackers to easily monetize compromised websites without the need to distribute malware. For the uninitiated, cryptocurrencies […]


What are DNS zone transfers (AXFR)?

DNS (Domain Name System) is one of the many systems that keep the Internet humming and is responsible for resolving human-readable hostnames into machine-readable IP addresses. DNS servers host what are known as zones. A DNS zone is a portion of the domain name space that is served by a DNS server, and will contain […]


The Evolving Security Paradigm, Part 2

This post is part 2 of a two-part series that addresses the rapid changes in security paradigms. The change to security not only affects operations, it also increases the level of complexity in security designs. The following post discusses the history of security paradigms and the challenges that arise from their change. Firewall Designs & the […]
