This blog is all about Cyber Security and IT

Showing posts with label Cyber Updates.

Tuesday, July 7, 2020

No Rate Limit Bug on Forgot password


Overview of this bug: Rate limiting checks whether a user's session should be throttled based on the information in the session cache. If a user makes too many requests within a given time, the HTTP server should respond with status code 429: Too Many Requests. Description: I have identified that when using Forgot Password for an account, the request has no rate limit, which then can be...

Sunday, July 5, 2020

Tuesday, April 28, 2020

Open URL Redirection Vulnerability- Well Explained


Overview: What are redirects? A redirect lets a website forward a request for a resource to another URL/endpoint. Let's assume that you make a request to davindertutorials.com; davindertutorials.com can redirect you to another website (new-davindertutorials.com), so you'll end up at new-davindertutorials.com even though the original request was made for davindertutorials.com....

Wednesday, March 27, 2019

Monday, March 18, 2019

Firewall, IDS, and IPS


The three devices commonly used to provide security are the firewall, the IDS, and the IPS. Firewall: A firewall is a network security system that actively monitors and regulates inbound and outbound network traffic based on a predefined security ruleset. A firewall typically acts as a barrier between a trusted, secure internal network and an outside network, such as the Internet, which may not...

Wednesday, March 13, 2019

Defensive measures for Protecting Exploitation in Organisational Environment


Create a security policy that includes a section about password guidelines (key length, use of special characters, periodic expiration of keys, account lockout policy, etc.). Enable auditing services at the operating system level on end-user devices, servers and communications equipment, and use log correlation software to perform event monitoring. Restrict access to the Administrator and root account...

Tuesday, March 12, 2019

Preventive Measures to Stop Enumeration


Multiple protocols are susceptible to enumeration, so we should ask our client which ones are really needed in the network. The obvious preventive measure is to disable those insecure protocols that are not required in the network. However, this is not always feasible, especially if there are legacy applications in the organization that depend on insecure protocols to operate and for which there is...

Monday, March 11, 2019

Defensive measures for Less exposure of Vulnerabilities during scanning


Although the only 100% secure network is the one that is disconnected, we can take defensive measures that help us minimize security risks in our infrastructure during a scan. Here are some precautions that we can take: To start, you cannot scan an application that is not installed. This means that before putting a target into production we should harden the operating system, applications...

Sunday, March 10, 2019

How to conduct Professional Pentesting | Part 2 | Reconnaissance or footprinting


Reconnaissance is the first phase of a hacking engagement. The aim of this phase is to discover as much relevant information as we can about the client's organization or victim. Now, depending on whether the interaction with the target is direct or indirect, the...

Defensive measures to Prevent reconnaissance attacks


Defensive measures: Preventing reconnaissance attacks 100% is virtually impossible, precisely because footprinting is based on finding publicly available information about the target organization, and this information is public for a good reason. For example, imagine the ABC organization, which sells pet products through its website and through retail distribution stores. Would it make sense to keep...

Tuesday, March 5, 2019

ISO 27001 | Certification | Overview


ISO/IEC 27001, also known as ISO 27001, is a security standard that outlines the suggested requirements for building, monitoring and improving an information security management system (ISMS). An ISMS is a set of policies for protecting sensitive information, e.g., financial...

Thursday, February 28, 2019

Phishing is taking a wider look with Spear Phishing and Whaling attacks


WHAT IS SPEAR PHISHING? Spear phishing is a social engineering attack in which a perpetrator, disguised as a trusted individual, tricks a target into clicking a link in a spoofed email, text message or instant message. As a result, the target unwittingly reveals sensitive information, installs malicious programs (malware) on their network or executes the first stage of an advanced persistent...

Wednesday, February 27, 2019