Thick Client Application Security Testing

Introduction A thick client is a computer application that runs as an executable on the client’s system and connects to an application server or sometimes directly to a database server. Unlike a web-based application, thick clients require a different approach to testing, as they are not easy to proxy using a client-side proxy tool such as […]

Software Project Governance – Using SDLC Metrics

Software project costs generally form 40% of the total IT budget in most companies. However, seldom does a software project meet all user requirements, stay within budget and finish on time. Most software projects fail to provide the required functionality in the scheduled time and budget. Thus, […]

Vendor Risk Assessment

Introduction Companies today have third-party contracts with various vendors. Most processes are outsourced to various companies. This is the most convenient and flexible way to work, so that overall management activities are limited to vendor management alone. The quantum of work that is outsourced to third parties includes not just IT, […]

Social Media Usage in the Enterprise

Introduction With the onslaught of SMAC – Social Media, Analytics, Mobility and Cloud Computing – in our personal as well as professional lives, we are spending a huge amount of time and energy in a digital world. Many organizations are faced with the challenge of how to handle, and even leverage, these technological innovations to […]

Security Review of Microsoft DirectAccess Implementation

This article presents the key risks with DirectAccess and how to audit them. Let’s begin by first understanding the DirectAccess technology. Introduction to DirectAccess From the Wikipedia definition, DirectAccess, also known as Unified Remote Access, is a VPN-like technology that provides intranet connectivity to client computers when they are connected to the Internet. Direct Access […]

PCI DSS Penetration Testing Guidance

The Payment Card Industry Security Standards Council recently released its updated Information Supplement: Penetration Testing Guidance. The guidance document was last published in 2008 under the heading ‘Requirement 11.3 Penetration Testing’. The updated document marks a major difference in the approach taken by the PCI Council to clarify and educate stakeholders about the standard’s requirements […]