Archives for Security - Page 2
Types of Security Scans
- Port scanner (Nmap)
- Network vulnerability scanner (Nessus, SAINT, OpenVAS)
- Web application security scanner (Nikto, w3af)
- Database security scanner
- Host-based vulnerability scanner (Lynis)
HTTPS and Authentication based sites not necessarily secure
HTTPS on its own does little to protect your website: all it does is protect against man-in-the-middle (MITM) attacks, by encrypting the traffic in transit and letting the browser verify it is talking to the right server. Even an authentication based website is not necessarily secure - each…
Certificates Demystified – root versus self signed, private versus public key
I struggled a lot with understanding the nuances of security certificates – self-signed versus root certs, public keys versus private keys versus Certificate Authorities (CAs)… This post will attempt to clarify…
Random hostnames seen in Fiddler when using Chrome
If you use Google Chrome (and who doesn’t), then you might see requests such as those below when you start up your browser. Randomized hostnames – so obviously, you start…
Sanitizing image and pdf files prior to upload
Does your site allow file uploads of any sort? PDFs? JPEGs? Anything whatsoever? All these file formats are notorious for allowing malware to piggyback onto them (a technique known…
Web Shells
A web shell is a piece of code that essentially takes over your web server. By providing a simple web-executable file (aspx file, php file…) that contains code to…
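Because a web shell is just a web-executable file whose code hands request parameters to an execution function, the simplest detection is to scan the web root for exactly that pattern. The following is an added example, not code from the original post: a small indicator-based scanner over constructed PHP and ASPX sources. The file contents, paths and indicator names are all assumptions made up for the demo; a real deployment would pair this with file-integrity monitoring, since pattern matching alone misses heavily obfuscated shells.

```python
import os
import re

# Regex fragments: PHP functions that execute code or commands, and the
# superglobals through which an attacker's request parameters arrive.
PHP_EXEC = r"\b(?:eval|assert|system|passthru|shell_exec|exec|popen|proc_open)"
REQUEST_SRC = r"\$_(?:GET|POST|REQUEST|COOKIE|SERVER)"

# Each indicator is (name, compiled pattern). The first three are PHP idioms;
# the last is the ASP.NET equivalent (spawning a process from request input).
INDICATORS = [
    ("php-exec-from-request",
     re.compile(PHP_EXEC + r"\s*\([^;]*" + REQUEST_SRC, re.I)),
    ("php-eval-obfuscated",
     re.compile(r"\beval\s*\(\s*(?:base64_decode|gzinflate|gzuncompress|str_rot13)\s*\(", re.I)),
    ("php-dynamic-call-from-request",
     re.compile(REQUEST_SRC + r"\s*\[[^\]]*\]\s*\(", re.I)),
    ("aspnet-process-from-request",
     re.compile(r"Diagnostics\.Process[\s\S]{0,300}?Request(?:\[|\.(?:Form|QueryString))", re.I)),
]

WEB_EXTENSIONS = (".php", ".phtml", ".php5", ".aspx", ".asp", ".jsp")


def score_source(content: str):
    """Return the names of all indicators that match one file's source text."""
    return [name for name, pattern in INDICATORS if pattern.search(content)]


def scan_files(files: dict):
    """Scan a {path: source} mapping; return only the files with at least one hit."""
    hits = {}
    for path, content in files.items():
        found = score_source(content)
        if found:
            hits[path] = found
    return hits


def scan_webroot(root: str):
    """Walk a real web root and feed every web-executable file through scan_files."""
    files = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            if name.lower().endswith(WEB_EXTENSIONS):
                full = os.path.join(dirpath, name)
                with open(full, encoding="utf-8", errors="replace") as fh:
                    files[full] = fh.read()
    return scan_files(files)


# Constructed sample files (not taken from any real incident): one benign page,
# two PHP shells of the kind the post describes, and one ASPX shell.
SAMPLE_FILES = {
    "index.php": "<?php\n$title = htmlspecialchars($_GET['title'] ?? '');\necho \"<h1>$title</h1>\";\n",
    "img/x.php": "<?php @eval(base64_decode($_POST['z']));",
    "uploads/c.php": "<?php if(isset($_REQUEST['cmd'])){ echo '<pre>'; system($_REQUEST['cmd']); echo '</pre>'; }",
    "hidden.aspx": '<%@ Page Language="C#" %><% var p = new System.Diagnostics.Process(); '
                   'p.StartInfo.FileName = "cmd.exe"; p.StartInfo.Arguments = "/c " + Request["c"]; p.Start(); %>',
}

if __name__ == "__main__":
    for path, found in scan_files(SAMPLE_FILES).items():
        print(f"{path}: {', '.join(found)}")
```

Run stand-alone it reports the three shells and stays silent on index.php, which reads request input but only passes it to an output encoder. Point scan_webroot at a real document root to scan on disk.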
Web application intrusion testing
What is Black Box Scanning? Black-box web application scanning, if we abstract from the details, is a simple process: identify all links, forms and query string parameters, then send specially crafted strings…
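The first step of that process, enumerating the attack surface from a crawled page and turning every parameter into a probe, is shown below as an added example; it is not code from the post or from any scanner it names. The sample HTML, the base URL app.example.com, the marker payload and the response classifier are assumptions for the demo, and the probes are built but not sent, so it runs offline.

```python
import html
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse, parse_qsl, urlencode, urlunparse

# Constructed sample response standing in for a crawled page (not a real site).
SAMPLE_HTML = """
<html><body>
<a href="/search?q=shoes&amp;page=1">Search</a>
<a href="https://other.example.org/out">External</a>
<a href="/about">About</a>
<form action="/login" method="post">
  <input type="text" name="user">
  <input type="password" name="pass">
  <input type="hidden" name="csrf" value="abc">
  <input type="submit" value="Go">
</form>
</body></html>
"""

# Marker string: quotes and a tag so raw reflection is easy to spot.
# A real scanner rotates many payloads per parameter.
PROBE = "'\"<zz>"


class AttackSurfaceParser(HTMLParser):
    """Collects links and forms (with their input names) from one HTML response."""

    def __init__(self, base_url):
        super().__init__()
        self.base_url = base_url
        self.links = []
        self.forms = []
        self._form = None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "a" and a.get("href"):
            self.links.append(urljoin(self.base_url, a["href"]))
        elif tag == "form":
            self._form = {
                "action": urljoin(self.base_url, a.get("action") or ""),
                "method": (a.get("method") or "get").lower(),
                "inputs": [],
            }
        elif tag in ("input", "textarea", "select") and self._form is not None and a.get("name"):
            # Buttons carry no attacker-controlled value; everything else is a parameter.
            if (a.get("type") or "text").lower() not in ("submit", "button", "image", "reset"):
                self._form["inputs"].append(a["name"])

    def handle_endtag(self, tag):
        if tag == "form" and self._form is not None:
            self.forms.append(self._form)
            self._form = None


def discover(page_html, base_url):
    """Return (in-scope links, forms) found in one page; off-host links are dropped."""
    parser = AttackSurfaceParser(base_url)
    parser.feed(page_html)
    parser.close()
    host = urlparse(base_url).netloc
    links = [u for u in parser.links if urlparse(u).netloc == host]
    return links, parser.forms


def build_probes(links, forms, payload=PROBE):
    """One probe per parameter: (method, url, body-or-None, parameter under test)."""
    probes = []
    for url in links:
        parts = urlparse(url)
        params = parse_qsl(parts.query, keep_blank_values=True)
        for i, (name, _) in enumerate(params):
            mutated = list(params)
            mutated[i] = (name, payload)  # only one parameter is tainted per request
            probes.append(("GET", urlunparse(parts._replace(query=urlencode(mutated))), None, name))
    for form in forms:
        for name in form["inputs"]:
            body = {n: (payload if n == name else "x") for n in form["inputs"]}
            probes.append((form["method"].upper(), form["action"], body, name))
    return probes


def analyze_response(body, payload=PROBE):
    """Classify how the marker came back; raw reflection is the finding worth chasing."""
    if payload in body:
        return "reflected-raw"
    if html.escape(payload) in body:
        return "reflected-encoded"
    return "not-reflected"


if __name__ == "__main__":
    found_links, found_forms = discover(SAMPLE_HTML, "https://app.example.com/")
    for probe in build_probes(found_links, found_forms):
        print(probe)
```

For the sample page this yields five probes (q and page from the search link, and user, pass and csrf from the login form). Feeding each response body to analyze_response separates parameters that echo the marker unencoded from those the application encodes or never reflects.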
Tableau Server Authentication Options
Tableau offers three choices for end user authentication: No Authentication – use an API key to access the public visualizations; no username/password or any other authentication mechanism is required. TTA –…
Workaround for session fixation
Tomcat: A new security feature in Apache Tomcat 7 is Session Fixation Protection. Essentially, when a user authenticates, Tomcat changes the session ID. It does not destroy…
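To make the difference concrete, here is an added example (not Tomcat's code or the post's) that models a session store and runs a fixation attack against three login implementations: one that keeps the presented session ID, one that rotates the ID while keeping the session's attributes (the Tomcat 7 behaviour the post describes), and a portable workaround that invalidates the old session and copies the attributes into a new one. The credential table, user alice and the shopping-cart attribute are assumptions for the demo.

```python
import hmac
import secrets

# Constructed credential table for the demo; a real app checks a password hash store.
USERS = {"alice": "correct horse battery staple"}


def check_password(username, password):
    expected = USERS.get(username, "")
    return hmac.compare_digest(expected.encode(), password.encode()) and username in USERS


class SessionStore:
    """In-memory stand-in for a servlet container's session manager: id -> attributes."""

    def __init__(self):
        self._sessions = {}

    def create(self):
        sid = secrets.token_hex(16)
        self._sessions[sid] = {}
        return sid

    def get(self, sid):
        return self._sessions.get(sid)

    def invalidate(self, sid):
        self._sessions.pop(sid, None)

    def change_id(self, sid):
        """Rotate the id but keep the attributes: the rotate-on-authentication
        behaviour the post attributes to Tomcat 7."""
        attrs = self._sessions.pop(sid)
        new_sid = secrets.token_hex(16)
        self._sessions[new_sid] = attrs
        return new_sid


def _session_for(store, presented_sid):
    """Resolve the id the client presented (its cookie), creating a session if unknown."""
    if presented_sid is not None and store.get(presented_sid) is not None:
        return presented_sid
    return store.create()


def login_vulnerable(store, presented_sid, username, password):
    """Authenticates into whatever session the client presented: the id survives login."""
    sid = _session_for(store, presented_sid)
    if check_password(username, password):
        store.get(sid)["user"] = username
    return sid


def login_rotate_id(store, presented_sid, username, password):
    """Rotates the id at the moment of authentication; pre-login attributes survive."""
    sid = _session_for(store, presented_sid)
    if check_password(username, password):
        sid = store.change_id(sid)
        store.get(sid)["user"] = username
    return sid


def login_manual_workaround(store, presented_sid, username, password):
    """Portable workaround when the container offers no rotation: invalidate the old
    session and copy the attributes you want to keep into a brand-new one."""
    sid = _session_for(store, presented_sid)
    if check_password(username, password):
        kept = dict(store.get(sid))
        store.invalidate(sid)
        sid = store.create()
        store.get(sid).update(kept, user=username)
    return sid


def fixation_attack(login):
    """Simulate the attack against one login implementation. Returns
    (attacker_now_holds_an_authenticated_session, victim_cart_after_login)."""
    store = SessionStore()
    planted = store.create()                 # attacker obtains a valid id and plants it in the victim's browser
    store.get(planted)["cart"] = ["item-1"]  # victim browses with that id before logging in
    victim_sid = login(store, planted, "alice", "correct horse battery staple")
    attacker_view = store.get(planted)       # attacker replays the id it planted
    hijacked = attacker_view is not None and attacker_view.get("user") == "alice"
    return hijacked, store.get(victim_sid).get("cart")


if __name__ == "__main__":
    for impl in (login_vulnerable, login_rotate_id, login_manual_workaround):
        print(impl.__name__, fixation_attack(impl))
```

Against login_vulnerable the planted ID becomes an authenticated session the attacker already knows; against the other two the planted ID is dead after login, while the victim's pre-login cart is still there in the new session. Rotation must happen at the privilege change itself, not merely at first request, or the attacker simply plants an ID that has already been rotated.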
ROLES for a typical web application
Roles define WHICH USERS can do WHAT. So an ADMIN is a super ROLE: all users belonging to this ROLE can do things that regular users cannot…