Penetration Testing RESTful Web Services

Today we are discussing penetration testing of RESTful web services. Web services are the technologies used for data transmission between client and server in real time. According to the W3C Web Services Glossary, a web service is a software system designed to support interoperable machine-to-machine interaction over a network, or we can…

ClickJacking Attacks & Mitigation Methods

ClickJacking is an attack that is less known to many new security aspirants in web application security. The exploit involves overlaying elements, combined with some social engineering skills. This vulnerability arises from improper configuration of the X-Frame-Options header, which is responsible for blocking…

Security Controls Requirements for Aadhaar API providers

With the commencement of UIDAI's Aadhaar project, which rounds up all the citizens of India into a centralized data repository, a large user database, to provide unique identification of Indian residents, today I am writing this blog for Aadhaar-based authentication service provider companies, because companies like NBFC…

Dumping the Firmware from the Device Using Bus Pirate

While doing penetration testing, there are scenarios in which we need to dump the firmware from a device. This method is typically used when no firmware is available from the vendor's site. Today we are going to show you how to dump the firmware from a wireless router, the Binatone DT 850W,…

Wannacry Ransomware Prevention Methods for End Users & System Administrators

WannaCry ransomware prevention techniques for end users and system and security administrators.

Name of the virus/worm/ransomware: WannaCrypt, WannaCry, WanaCrypt0r, WCrypt, WCRY

Infected Windows versions: XP, Vista, Windows 2000, Windows 2007, Windows 8

What it is: WannaCry ransomware appears to be a worm that contains and runs the ransomware,…

IOT Communication Protocols

Today we are going to discuss the types of communication protocols used in IoT devices and their security aspects. What is the Internet of Things? The Internet of Things is nothing but a device that is connected to the internet and shares or receives data directly or indirectly, called internet…

Legal and Technical perspective towards Cryptocurrency in India-Bitcoin

Today we are going to discuss the legal and technical perspective towards the cryptocurrency Bitcoin in the Indian scenario. Bitcoin has always been a gray topic for government agencies and investors, so here we will discuss the present scenario and realm after demonetization, and the impacts, with the legal considerations in…

SCADA 360° Threat Landscape

Industrial Control Systems and Supervisory Control and Data Acquisition (ICS-SCADA) are an important element of critical infrastructure in oil, gas refineries, waste water treatment plants, and nuclear factories. With “Stuxnet” it was proven that cyber criminals and nation-state actors can create a war-like scenario and cause unprecedented damage by…

NESA-UAE IA Standards: The framework driving UAE’s Information Security

In the history of information security, the most refined working framework for standardizing the evaluation of security was published in the 80’s in the US under the name “Trusted Computer System Evaluation Criteria”, aka the “Orange Book”. Since then several information security standards like ISO 27001, COBIT, NIST, OWASP Top 10, PCI…