Banner

Author name: Pavan Gumaste

Pavan Rao is a programmer / Developer by Profession and Cloud Computing Professional by choice with in-depth knowledge in AWS, Azure, Google Cloud Platform. He helps the organisation figure out what to build, ensure successful delivery, and incorporate user learning to improve the strategy and product further.

What is Shodan?

News & Updates / By

Having a life without ‘Google’ is hard to imagine today. We would be lost without the popular search engine in our lives. The popular retort “Google it” is always on our lips for any query posed by anybody. While Google searches for web sites, there is another search engine that is slowly gaining prominence. This is ‘Shodan’. ‘Shodan’ is a search engine for ‘IoT’ or ‘Internet of things’. Internet of things or ‘IoT’: Before we start discussing ‘Shodan’ let us first explain ‘IoT’. Recall, that we have already discussed ‘IoT’ in an earlier post. ‘Internet of things’ can be defined […]

What is Shodan? Read More »

What is Web application Security – Part 3

News & Updates / By

‘Web application security’ is part of the ‘Web component developer’ exam and we have already seen two posts relating to it. Recall, that we have already discussed the four authentication methods and the web resource collection element which is part of the authorization. We conclude the discussion of ‘Web application security’ by talking about the authorization constraint and user data constraint in this post. The different authorization constraints: Authorization is giving authenticated or unauthenticated roles access to restricted resources. Let us consider the first type of authorization constraint. Here, roles such as ‘Super user’ and ‘Normal user’ are allowed to

What is Web application Security – Part 3 Read More »

Godless’ Android malware

News & Updates / By

‘Security’ aspects touch all our lives in some way or the other. We would have been victims of security hack at one time or other. Phishing emails, fake social media profiles, credit card fraud – some of these events may touch us in one way or the other. It is a good idea to prevent against these attacks by being up-to-date on the current Infosec incidents and knowing the ways to avoid them. With that thought in mind, we will discuss the ‘Godless’ malware in today’s post. Android devices: With mobile phone and device usage reaching unprecedented levels, it is

Godless’ Android malware Read More »

Cryptography

News & Updates / By

‘Cryptography’ is the ability to hide messages from intermediate persons and ensure effective and secure communication between different parties. ‘Cryptography’s’ origins can be traced back to 2000 B.C. Egypt (when hieroglyphics were used) and to the time of Julius Caesar where alphabets were shifted to encrypt a message. We also see various instances of cryptography in movies such as ‘The Da Vinci code’, ‘The Imitation game’, ‘Pi’, ‘Enigma’ among others. We will see the two different types of encryption – symmetric and asymmetric algorithms and primarily focus our discussion on the symmetric algorithm. Introduction: The key terms that are associated

Cryptography Read More »

Web application Security – II

News & Updates / By

We have already seen a few basics of web application security in Java in an earlier post. We will continue this post by extending the same discussion. We will discuss the two remaining authentication mechanisms followed by authorization. CLIENT-CERT AUTHENTICATION: The CLIENT_CERT authentication method is yet another way of authenticating the user. Compared to the BASIC and FORM based authentication, this is the most secure form of authentication.  Here the server authenticates the user by checking their public key certificate. The public key certificate is generated by an issuing authority such as the ‘certificate authority’ (CA) The CLIENT-CERT authentication uses

Web application Security – II Read More »

Two Factor Authentication

News & Updates / By

We have already read about ‘authentication’ and its role in security domains and software technologies.  Defining authentication yet again, ‘Authentication’ is specifying who you are to access protected resources. We will elaborate this concept to discuss 2FA or ‘Two factor authentication’ in this blog post. Why 2FA? Before we see what is meant by 2FA, let us see the reasons behind implementing 2FA. Data breaches are not new but the magnanimity of the breaches is growing each year. In 2014 alone, more than 1 billion personal records were accessed illegally. (zdnet.com)The ‘Anthem’ data breach, the IRS data breach are the

Two Factor Authentication Read More »

Web Application Security

News & Updates / By

Securing web applications in Java involves the very same core security concepts that are known to every InfoSec professional. These concepts and understanding the different authentication mechanisms for the ‘Web component developer’ exam forms the basis of this post. This post assumes knowledge of servlets, deployment descriptors and the servlet life cycle. The four security mechanisms: There are four basic security mechanisms that come into play when securing web applications. They are authentication, authorization, confidentiality and data integrity. Authentication is verifying who you really are. Specifying a name and password is one form of enforcing authentication. Authorization is giving individuals

Web Application Security Read More »

Data privacy in the age of the Apple vs FBI debate

News & Updates / By

With most of the technology world glued to the outcome of the tussle between Apple and FBI, “data privacy” again takes center stage in the age of social media. For almost a month now, the Apple vs FBI debate has kept us all guessing and taking sides on what is right and what is wrong. Our mobile world:               Smart phones, tablets and other mobile devices continue to grow in popularity and we store abundant amount of personal information in it. Chats, pictures, personal data, health data are all examples of some personal information stored on mobile devices. Seizing any

Data privacy in the age of the Apple vs FBI debate Read More »

Dimensional modeling

News & Updates / By

After having seen a few blog posts on security topics, we will turn our attention to ‘Data warehousing concepts’ and more specifically the modeling techniques in this post. This post assumes knowledge of basic databases like tables and fields. We have already seen the meaning of a Data warehouse, the reasons for creating a data warehouse and the components of a Data warehouse in earlier posts. Kimball approach to designing Data warehouses: Ralph Kimball preferred the bottom-up approach to designing data warehouses. Since the data warehouse is considered to be the union of all its data marts in the Kimball

Dimensional modeling Read More »

Whatsapp Security

News & Updates / By

The evolution of different technological tools to enhance communication is growing at a mind boggling pace. With the advent of the Internet in mid 90’s – we have seen messengers like Yahoo messenger, Windows Messenger and then we moved onto Google Talk, Skype, Viber and a number of social media tools like Facebook, Twitter, LinkedIn finally now we have ‘Whatsapp’.  All these and more have been born more on the necessity to communicate more effectively and in real time. The popularity of Whatsapp followed by its security limitations forms the basis of this post. Why is Whatsapp’s Popularity increasing? :

Whatsapp Security Read More »

Scroll to Top