Web application security has become the biggest concern for almost all organizations that wish to bring their business to the Internet. There are various reasons why we are still unable to fix issues like SQL Injection, Cross-Site Scripting, etc. These range from developer complacency, lack of knowledge about the security issues, lack of management […]
Recently, “watering hole attacks” have become popular among hacking groups for targeting large groups of victims who routinely visit a popular website or discussion forum to share or discuss common interests. Technically, these attacks work by tricking people into clicking on a “popular link” which is actually a window to download various malicious […]
The RBI constituted the Working Group on Information Security, Electronic Banking, Technology Risk Management and Cyber Frauds, which produced its report in January 2011. The Working Group was headed by Mr. G. Gopalakrishna, and its report is popularly known as the Gopalakrishna Committee Report. The presentation below highlights some of the salient points, with special emphasis on […]
Summary of the presentation and research done – By Hugo Teso
According to Teso, there are two sub-parts when it comes to aviation systems and understanding them. The Concorde and the airplanes of its time used to have all-analog systems on board and were highly isolated from outside entities. Due to this there are […]
From 2012 to 2025, ICAO (International Civil Aviation Organization) has decided to transform the present aviation environment by introducing new technology which will revolutionize the present aviation industry. According to ICAO, the technology responsible for doing so is named NextGen (Next Generation Air Transportation System), which is developed by the United States and will be mandatory […]
For my research, I chose to analyze a popular Android application for malware. But why select a Russian version? Well, it made a compelling case study from an analysis perspective, which I later found out during my research. The application I selected was a popular game called FruitNinja, downloaded from a Russian fake Android store (Figure 1). Figure […]
With the boundary-less work culture of the 21st century, organizations have started to wake up to the fact that they cannot withhold information within the confines of their heavily guarded data-centers. Clients, employees and vendors need the information on the servers, on their laptops, and on their handheld devices in order to continue smooth functioning […]
Overview
I had to do the risk analysis of the Android 2.2 – Froyo based appliance and check for any security flaws that exist in it before the XYZ Ltd. (just an example) company could launch that product in the market.
Background
How I got connected to the appliance
At the start of my task I first assign […]
Over the past few years, we have completed a number of social engineering tests as part of advanced penetration testing at various organizations. Coincidentally, I recently read an excellent book called “Influence – the Psychology of Persuasion” by Dr. Robert Cialdini and realized that it has some excellent lessons for anyone wanting to guard themselves from […]
This post is a complete switch over from my previous post on phishing modus operandi. A little background on the hack. I was doing an assessment of a financial application; the objective was to evaluate the security of the complete infrastructure on which the application will be hosted once it goes live. As opposed to […]