At WWDC 2019, Apple announced “Sign in with Apple” with an eye-catching tagline, “You control your data”. Sign in with Apple is a new authentication option to compete with existing sign-in providers like Facebook and Google. The fascinating part of this new authentication technique, which created buzz among techies, was PRIVACY.
While Uncle Sam might have all the means to watch all of us, there is so much he can do. Even though the above image might be a couple of years old, the facts are still unchanged as per the sources.
Anand Prakash, founder of AppSecure Inc, has been in the limelight for the past month. The reason is again the same: bug hunting. He is a noted bug hunter who has identified many security vulnerabilities in tech giants like Facebook, Twitter and Uber. This time he is in the news again for a vulnerability he reported that allows an attacker to take control of any user account. He has also cemented his place in the Forbes 30 Under 30.
Sometimes there are a few weaknesses in an application or infrastructure that do not have a serious impact on their own. Developers often overlook these kinds of threats, but when they are combined, it is called vulnerability chaining.
Riyaz Walikar, a well-known face in the InfoSec industry, is a security evangelist, offensive security expert and researcher with over 9 years of experience in the Internet and web application security industry. Currently he is Chief Offensive Security Officer at AppSecco.
Under certain conditions, MDS (Microarchitectural Data Sampling) provides a program the potential means to read data that the program otherwise would not be able to see. These techniques exploit speculative operations accessing data in micro-architectural structures in the CPU to expose bits of information through a side channel.
Mutated XSS happens when the attacker injects something that is seemingly safe but is rewritten and modified by the browser while parsing the markup. This makes it extremely hard to detect or sanitize within the application logic.
Shubham Mittal, Co-Founder of RedHunt Labs, is a well-known personality in the InfoSec industry. Shubham has many Hall of Fame entries and research works under his belt. He has been an active speaker and trainer at many well-known InfoSec conferences and events. In this interview, Shubham opens up about his journey and various other topics.
With the alarming rate of increase in cyber-crime, there will come a time when we might witness the birth of new dark web sites every day if no proper measures are taken to reduce or prevent it. On the other hand, every invention comes with good and bad. There are more good uses of the Dark Web than bad. It all depends on how it is used.
As the name indicates, Security comes in between Dev and Operations. Security is aligned with the entire process to reduce risk in the initial phase of the Dev cycle. DevSecOps involves creating a 'Security as Code' culture with ongoing, flexible collaboration between release engineers and security teams.
A buffer overflow takes place when more data is put into a fixed-length buffer than the buffer can handle. The extra information, which has to go somewhere, can overflow into adjacent memory space, corrupting or overwriting the data held in that space.
Kamal Kishore Seepana, currently working as Manager, Information Security at Sony India Software Centre, comes with 10+ years of rich experience. He has excelled in various fields of InfoSec ranging from Governance, IT/IS Risk Management, Compliance, ISMS Implementation, ITGC audits, DLP implementation, Vulnerability Assessment and Penetration Testing to System architecture design and review.
Two-factor authentication (also known as 2FA) is a type, or subset, of multi-factor authentication. It is a method of confirming users' claimed identities by using a combination of two different factors: 1) something they know, 2) something they have, or 3) something they are.
A cookie is a small piece of data that a server sends to the user's web browser. The browser may store it and send it back with the next request to the same server. Cookies let us get around the statelessness of the HTTP protocol by storing data on the client side. Usually cookies are set using the Set-Cookie HTTP response header.
A penetration testing tool built using machine learning concepts. Its notable feature is a self-learning capability that needs very little time, as it adopts the advanced machine learning model called A3C.
Social engineering strikes again, and this time it's via QR code. QRLjacking, or Quick Response Code Login Jacking, is a simple social engineering attack vector capable of session hijacking, affecting all applications that rely on the "Login with QR code" feature as a secure way to log in to accounts.
Biohacking is managing one's own biology with medical, nutritional and electronic techniques, which can include the use of smart drugs (nootropics), non-toxic substances and different cybernetic devices. This can take any form, like experimenting with DNA or injecting new things into the body (a microchip, camera, NFC, etc.). People who experiment on their own bodies call themselves biohackers and are also known as grinders.
The invention of the blockchain for bitcoin made it the first digital currency to solve the double-spending problem without the need of a trusted authority or central server. The bitcoin design has been the inspiration for other applications.