Author name: Pavan Gumaste

Pavan Rao is a programmer/developer by profession and a cloud computing professional by choice, with in-depth knowledge of AWS, Azure and Google Cloud Platform. He helps organisations figure out what to build, ensures successful delivery, and incorporates user learning to improve the strategy and product further.

Web application Security – II

We have already seen a few basics of web application security in Java in an earlier post. This post continues that discussion. We will cover the two remaining authentication mechanisms, followed by authorization. CLIENT-CERT AUTHENTICATION: The CLIENT-CERT authentication method is yet another way of authenticating the user. Compared to BASIC and FORM based authentication, it is the most secure form of authentication. Here the server authenticates the user by checking their public key certificate. The public key certificate is issued by an issuing authority such as a certificate authority (CA). CLIENT-CERT authentication uses …


Two Factor Authentication

We have already read about ‘authentication’ and its role in security domains and software technologies. Defining authentication yet again: ‘authentication’ is establishing who you are in order to access protected resources. We will elaborate on this concept to discuss 2FA, or ‘two factor authentication’, in this blog post. Why 2FA? Before we see what is meant by 2FA, let us see the reasons behind implementing it. Data breaches are not new, but the magnitude of the breaches is growing each year. In 2014 alone, more than 1 billion personal records were accessed illegally (zdnet.com). The ‘Anthem’ data breach and the IRS data breach are the …


Web Application Security

Securing web applications in Java involves the very same core security concepts that are known to every InfoSec professional. These concepts, together with an understanding of the different authentication mechanisms required for the ‘Web component developer’ exam, form the basis of this post. This post assumes knowledge of servlets, deployment descriptors and the servlet life cycle. The four security mechanisms: There are four basic security mechanisms that come into play when securing web applications: authentication, authorization, confidentiality and data integrity. Authentication is verifying who you really are; specifying a name and password is one form of enforcing authentication. Authorization is giving individuals …


Data privacy in the age of the Apple vs FBI debate

With most of the technology world glued to the outcome of the tussle between Apple and the FBI, “data privacy” again takes center stage in the age of social media. For almost a month now, the Apple vs FBI debate has kept us all guessing and taking sides on what is right and what is wrong. Our mobile world: Smart phones, tablets and other mobile devices continue to grow in popularity, and we store an abundant amount of personal information on them. Chats, pictures, personal data and health data are all examples of personal information stored on mobile devices. Seizing any …


Dimensional modeling

After a few blog posts on security topics, we will turn our attention to ‘data warehousing concepts’, and more specifically to modeling techniques, in this post. This post assumes knowledge of basic database concepts such as tables and fields. We have already seen the meaning of a data warehouse, the reasons for creating one and the components of a data warehouse in earlier posts. Kimball approach to designing data warehouses: Ralph Kimball preferred the bottom-up approach to designing data warehouses. Since the data warehouse is considered to be the union of all its data marts in the Kimball …


Whatsapp Security

The evolution of different technological tools to enhance communication is growing at a mind-boggling pace. With the advent of the Internet in the mid-90s we have seen messengers like Yahoo Messenger and Windows Messenger; then we moved on to Google Talk, Skype, Viber and a number of social media tools like Facebook, Twitter and LinkedIn; and finally now we have ‘Whatsapp’. All these and more were born out of the necessity to communicate more effectively and in real time. The popularity of Whatsapp, followed by its security limitations, forms the basis of this post. Why is Whatsapp’s popularity increasing? …


Tech Skills for 2016

With the New Year under way, most of us feel the need to rejuvenate ourselves with new skills in the tech industry. New aspirations, new career choices and the need to step up our careers motivate most of us. The skills likely to shape our careers this year are explored in this post. Programming languages like Java, C, C++ and Python: The concept of programming was a new one in the 90s, but not so now. It is more natural and normal for young teenagers to be in tune with the different programming languages and their importance. ‘Hackathons’ are organized …


You Too Can Become A Web Designer- Learn How

People say a lot of things about web design. The most interesting thing is that very few people understand the dynamics of this art, or the fact that it can be done by just about anyone. You do not have to be an engineer with expertise in software development in order to do web design. Anyone can do website design; all that you need is a clear understanding of the basics. Within a surprisingly short time you will be on the way to creating your first website without having to pay a fortune in the process. Getting …


Business Continuity plans(BCP) and Chennai floods

In the wake of the incessant rains in south India and the resultant flooding, organizations had to put their ‘business continuity plans’ (BCP) into action. No sooner did the rains lash the relatively dry area than the city knew a new natural disaster was being unleashed. Coping with this new type of natural disaster required a business continuity plan for most organizations in Chennai. What is BCP? ‘Business continuity’ may be an InfoSec professional’s domain of expertise, but it was the need of the hour in Chennai. ‘Business continuity’ is planning to continue business at another location after a disaster …


Tor – The Onion Router

Social media keeps us all firmly wrapped in its arms, and life goes on as usual on the net, oblivious to the many “virtual eyes”. Customer data is the new gold, and grabbing it is the necessity of the day. The “deep web” or the “dark net” is the place where there is no Internet surveillance. The “deep web” was earlier associated only with criminal activities, but that may be changing with a new set of extremely privacy-conscious individuals who also seek anonymity while surfing. This is possible with tools like Tor, Freenet, I2P and Tails. In addition, ‘the deep web’ …

