Posts

IOT Security

With new devices emerging every day, from smart TVs to smart refrigerators, microwave ovens and fit bands, internet-connected devices are everywhere and are becoming part of our day-to-day lives. While they make life easier for all of us and help us be more social, they also pose serious security risks and challenges. Apart from intruding on our privacy, security challenges pose a major threat if the devices are not tested completely. To secure IOT, below are some of the areas that can be focused on.

Secure Design of IOT

This is the most critical part of IOT, as every aspect of the design should be thought through with security in mind. If this first part fails, many components will be at risk. It should be designed to fail safe, which means a component failure does not put the entire system at risk.

IOT Network Security

This is very important, as traffic flows at all levels and network security is a component in preventing any sort of attacks or breaches. Firewalls and IPS so

Application Security in Cloud

Cloud is no longer a new buzzword, and the world is slowly moving towards cloud to save cost and to transfer ownership of infrastructure challenges to cloud vendors. There are many considerations for cloud, and which model to follow depends entirely on the requirements and vision of the organization moving to cloud. While cost plays a major role, security challenges will still be in place when cloud is considered for applications. There may be cases where applications are still developed in house and production hosting happens on cloud. It is very important to simulate cloud security considerations while the applications are being developed. In many cases, the development environment may not be as secure as production, since it is needed for testing; however, this can also pose a challenge, because some security points may be left out in order to make the application fast and scalable. In order to ensure cloud applications are secure enough for business purposes, few points are me

Effective Vulnerability Management

Vulnerability management forms the core of cyber security, be it infrastructure or applications. Infrastructure-layer vulnerabilities create more challenges, as this layer is connected to more internal networks and forms the backbone of the organization's business sustenance. While all organizations do vulnerability management, some internally with their own team and some through third-party vendors, during attacks or security breaches it is still found that more and more systems are prone to cyber attacks. There are multiple solutions in the market, from OEM to open source, that claim to provide a hawk-eye view of business security challenges; however, business owners still find it difficult to perform effective vulnerability management. We list here possible measures to ensure a vulnerability management program is effective.

Discovery of Assets: This forms the first step and the core of this program. If the assets are not tagged or discovered, then the entire exercise goes in the wrong direction. Any

How to start web application security assessment

Web application security forms the backbone of many businesses, as the web application represents the web form of the business and is used to review and conduct day-to-day business. In today's scenario, many web forms and business sites perform major transactions on websites and are moving to mobile applications. While security standards should be followed during the coding phase, there are still major challenges when the application goes live. The reasons for a vulnerable application can vary depending on business needs: the business wants production to move at a rapid pace while budgets for security requirements are still being worked out, and old/legacy code with reusable components is used to rush the code to production. We will list certain points that are helpful to understand when starting a web application security assessment.

1. Understand the business applications

Before starting any assessment, it is very important to understand the business needs of the application.

Web Application Security Testing

Web applications are the front face of a business and show its business value. While we write the blog, we present the below video from our channel to make it easy for everyone to understand what steps should be taken to complete web application security testing. Keep visiting for more on application security.

Network Penetration Testing Broad View

Network penetration testing shows the exposure of a network to vulnerabilities and how easily they can be exploited. It is important for network admins to sensitize themselves to network penetration testing methodology and how it can be achieved. See the video below...

First Step of VA/PT - Foot Printing

In order to perform VA/PT, it is very important to understand all the possible areas that could give some information on vulnerabilities. Foot Printing is one such part, and it is described below.

Foot Printing (Phase 1-VAPT)

EXTERNAL PT

- Phone Number (Identify Phone No and do Social Eng.)
- Network
- Public Websites
- Email (Use for Phishing)
- Whois
- DNS
- IP Blocks
- Net Blocks
- WebSrv Content
- Source Code
- Website Mirroring
- OS Detecting
- Public Directo

INTERNAL PT

- Internal DNS
- Private Websites
- Dumpster Diving
- Shoulder Surfing
- Eaves Dropping