Posts

Cyber Security Trends

Image
Cyber Security Trends As we remain on the edge of one more year, the war for our cybersecurity seethes on. There have been numerous information breaks in 2017, most strikingly for Equifax, Verizon, and Kmart. In any case, on the off chance that you look for a silver coating in the cloud, maybe you'll be happy of the news that the worldwide normal cost of an information rupture is down 10 percent over earlier years to $3.62 million, as indicated by the Ponemon Institute.  Tragically, the normal size of an information break expanded about two percent. Unmistakably there's still a lot of work to do. Here are a portion of the patterns, difficulties and dangers that anticipate all of us in 2018.  1. Prepared for the General Data Protection Regulation (GDPR)?  In the event that your arrangements for the European Union's new GDPR, clarifying how organizations should process, store, and secure the individual information of EU subjects are not finished, o

Disaster Recovery & Business Continuity

Image
Business Continuity & Disaster Recovery Fact 1 in 4 businesses never re-open their doors after a disaster. 90% of businesses fail within 2 years after being struck by a disaster. Information Systems are vulnerable to a variety of disruptions. Mild : Temporary power outages, disk failures etc. Severe : Equipment destruction, fire, natural disasters etc.  Organizations must have the ability to withstand hazards and achieve business objectives through both gradual & sudden changes.  Focus is on ‘Availability’ component of the famous C.I.A We achieve this through ‘Disaster Recovery Planning’ & ‘Business Continuity Planning’.  Disaster Recovery Planning (DRP)   The process of rebuilding your operations or infrastructure after the disaster has passed.  Business Continuity Planning (BCP)  The activities required to keep your organization running during a period of displacement or interruption of normal operations.    Why a B

OAUTH AUTHORIZATION SERVER

Image
OAuth 2 is an authorization framework that enables applications to obtain limited access to user accounts on an HTTP service, such as Facebook, GitHub, and DigitalOcean. It works by delegating user authentication to the service that hosts the user account, and authorizing third-party applications to access the user account. OAuth 2 provides authorization flows for web and desktop applications, and mobile devices. This instructional exercise we will make an application which might login with FACEBOOK account. What's more, we will get the secured data by the Facebook. So let’s get started ! The following diagram shows all the steps associated in this flow. Here the steps are; The application requests authorization to access service resources from the user. If the user authorized the request, the application receives an authorization grant.  The application requests an access token from the authorization server (API) by presenting authentication of its own identity,

Implementing Cross-site Request Forgery protection in web applications via Double Submit Cookies Patterns

Image
Double Submit Cookie In the event that putting away the CSRF token in session is risky, an elective guard is utilization of a twofold submit treat. A twofold submit treat is characterized as sending an arbitrary incentive in both a treat and as a demand parameter, with the server confirming if the treat esteem and demand esteem coordinate. At the point when a client verifies to a site, the site ought to create a (cryptographically solid) pseudorandom esteem and set it as a treat on the client's machine isolate from the session id. The site does not need to spare this incentive in any capacity, in this way maintaining a strategic distance from server side state. The site at that point requires that each exchange ask for incorporate this irregular incentive as a concealed frame esteem (or other demand parameter). A cross birthplace assailant can't read any information sent from the server or alter treat esteems, per the same-cause strategy. This implies while an aggre

Implementing Cross-site Request Forgery protection in web applications via Synchronizer Token Patterns is tested.

Image
Cross Site Request Forgery (CSRF) Cross-site scripting forgery or CSRF is an attack that forces an end client to execute undesirable activity on a web application in which they are presently verified. This is likewise called as a single tick attack or session riding attack. In the event that the casualty is a normal client the attacker can get restricted access to the framework. Yet, in the event that the casualty is an administrator CSRF can trade off the whole web application. There are two ways to secure the CSRF attack: Synchronizer Token, Double submit Cookies. How to mitigate CSRF Try not to open any messages, peruse to different destinations or play out some other informal organization correspondence while validated to your managing an account site or any site that performs budgetary exchanges. This will keep any noxious contents from being executed while being confirmed to a money related site. At whatever point you complete a saving money or budgetary exchange on a site