Author: Sam Alapati

SANS Top 20 Critical IT Controls. #13: Control Network Ports, Protocols and Services

You may think that since you have secured your network through firewalls and intrusion prevention devices, you must be secure. Not so fast! Attackers are constantly on the prowl, looking for any server or service they can exploit in your network. For example, a poorly configured web or mail server can be identified with an unauthorized external network scan. It’s not uncommon for a software package to automatically install an Apache server, for example, without the administrator or installer being […]

OWASP Top Ten Most Critical Web Application Risks. #1: Injection Flaws

The Open Web Application Security Project (OWASP) releases a list of the top ten web application vulnerabilities each year. OWASP is a non-profit open community dedicated to helping organizations develop and maintain trustworthy web applications. The OWASP Top Ten represents the consensus opinion in the field about the most critical web application security flaws. Companies can perform web application vulnerability assessments to determine whether their applications contain any of the vulnerabilities in the Top Ten list. […]

The Amazon cloud outage and the future of Cloud Computing

Amazon’s cloud service, which provides services to several well-known companies such as Quora and FourSquare, suffered an outage of more than 24 hours between April 21-22 at its Northern Virginia data center. Amazon spreads its cloud infrastructure throughout the country, but the clients who were being served from this center experienced downtime – meaning their users couldn’t log into the companies’ websites. This brings up the question of whether one of the strongest selling points of […]

State of the Security Work Force 2011

Frost & Sullivan and the security professional group (ISC)2 recently conducted a survey on the state of the security workforce. The survey’s leader says that information security professionals are too busy with their day-to-day work to devote enough time to security-related work. This inability to focus on security work leaves IT security professionals unprepared for major technological changes such as cloud computing and the increasingly sophisticated spectrum of application security threats. The survey’s report states that companies are potentially […]

SANS 20 Critical IT Security Controls: #12: Malware Defenses

One of the most vulnerable security areas is malicious software that hackers piggyback on to steal your data. Companies may suddenly find their email systems hacked because an employee unwittingly opened a malicious email attachment. Hackers target companies through malicious software that gains entry to your systems through email attachments, web browsers and mobile devices. To counteract malware, you must use antivirus and anti-spyware software. Such tools can detect malware and block its execution. If you want […]

OWASP Top Ten – #3. Broken Authentication and Session Management

One of the most vulnerable areas of web applications is authentication and session management. Weak authentication and session management enable hackers to steal passwords, session tokens and encryption keys, and even to assume the identity of legitimate users. Session IDs are frequently exposed without SSL or TLS protection or revealed through the rewriting of URLs. The attackers could be external hackers or insiders who want to use other users’ accounts to perform malicious acts. The problem is caused mainly because […]

SANS 20 Critical IT Controls – #10: Continuous Vulnerability Assessment

Attackers are constantly on the prowl for new vulnerabilities to exploit. You can expect hackers to launch numerous attacks right after vulnerabilities are discovered and announced. That is why it is important to apply vulnerability patches almost immediately after the vendor makes the patch available to you.

SANS 20 Critical Controls #9: Controlled Access Based on Need to Know

The first step you must take is to identify your sensitive data by establishing a data identification scheme. A multi-level data sensitivity classification, based on the sensitivity level of the data, is especially useful.
