Heartbleed Advisory & FAQ Please find below a quick FAQ on the Heartbleed vulnerability and what you can do to address it: UPDATE June 5, 2014: 7 new bugs fixed in OpenSSL Q. What is the Heartbleed vulnerability and what is its impact? The Heartbleed bug allows anyone on the Internet to read the memory of […]
Web Application security has become the biggest concern for almost all organizations that wish to bring their business to the Internet. There are various reasons why we are still unable to fix issues like SQL Injection, Cross-Site Scripting, etc. These range from developer complacency, lack of knowledge about the security issues, lack of management […]
On the 2nd of July 2013, the Indian Government formally approved and published the National Cyber Security Policy (NCSP). The policy had been lying as a draft document and awaiting its formal release for some years now. Whether it is the USA’s PRISM program or some other factor that pushed the Government to officially release it, […]
In an earlier blog post I had published the summary of our findings of a malware analysis done, which had a number of common points with the Norman “Hangover” Report. At that stage the full report was not published, as I had initially wanted to share it with law enforcement agencies in India, which I […]
In early 2012, a client contacted us with suspicious-looking emails that he had received. There were two emails received by the client. While we completed the investigation and submitted the report to the customer at that time, we never took the case forward. However, when the Norman Hangover report was published it rang a few […]
Understanding PCI DSS and PA DSS is crucial to the role of a penetration tester. Quoting the relevant PCI-DSS or PA-DSS control reference for your findings would help demonstrate the proper risk arising from common security findings such as support of older SSL versions, weak encryption when storing cardholder data, lack of proper logs from […]
Over the past few years, we have completed a number of social engineering tests as part of advanced penetration testing at various organizations. Coincidentally, I recently read an excellent book called “Influence – the Psychology of Persuasion” by Dr. Robert Cialdini, and realized that it has some excellent lessons for anyone wanting to guard themselves from […]