All Blog Posts (1,173)

Bitcoin Transaction Malleability: An Insight

Bitcoin Transaction Malleability, an Insight by Daniel Chechik. The bitcoin network vulnerability had disturbed the huge bitcoin network. Plenty of trading websites like Silk Road, MTGox and more have been victims of "Bitcoin Transaction Malleability." This talk will take you through the vulnerability and how exactly it may be exploited.…


Added by CISO Platform on December 19, 2014 at 2:30am — No Comments

Cyber Safety in Cars and Medical Devices

Cyber Safety in Cars and Medical Devices by Beau Woods, creator of IOT Security Framework. We are adopting connecting, computerized technology faster than we are able to secure it. When this technology is integrated into life and safety systems, bits and bytes meet flesh and bone. We must know, not just hope, that devices with the ability to impact human life and public safety are worthy of our trust. Learn how the safety impacts of merging cyber security with cars and…


Added by CISO Platform on December 19, 2014 at 2:30am — No Comments

More Shadow Walker: The Progression of TLB Splitting on x86, by Jacob Torrey

This talk will cover the concept of mis-using the hardware (x86 translation lookaside buffer) to provide code hiding and how the evolution of the Intel x86 architecture has rendered previous techniques obsolete and new techniques to perform TLB-splitting on modern hardware. After requisite background is provided, the talk will then move to the new research, the author's method for splitting a TLB on Core i-series and newer processors and how it can again be used for defensive (MoRE…


Added by CISO Platform on December 19, 2014 at 2:00am — No Comments

Guideline for Secure Configuring SAP NetWeaver ABAP

With this article we are starting a new series of guidelines describing some basic assessment procedures one can carry out on various business applications that would help security professionals to expand their ERP systems’ immunity to attacks.

As we all know, ERP systems such as SAP may favour the quality of management of all the information and resources involved in a company's operations.

However, while ERP applications promote the way business processes are organized, they…


Added by Alexander Polyakov on December 8, 2014 at 2:00pm — No Comments

CISO Platform Annual Summit, 2014 Highlights

CISO Platform Annual Summit @ Mumbai, last week saw over 250+ attendees for over 2 days making the spirit of knowledge sharing and learning a huge success in the Information Security Executives of India. Here are the highlights of the awesome keynotes, electrocuting Turbo sessions and some great knowledge boost training sessions.



Added by pritha on December 4, 2014 at 6:00pm — No Comments

6 Key Principles for creating a Secure Cloud

Securing a cloud environment requires, and offers, a new approach to security: holistic Security Intelligence. Many organizations have dozens of different point products to address security concerns. For example, they may have a firewall from one vendor, identity management from another, and application scanning from a third. This creates a siloed approach to security. However, as attacks become both more complex and sophisticated, it has become a priority to look across all of these…


Added by CISO Platform on December 4, 2014 at 3:30pm — No Comments

Why current SAP Security Guides Always Provide So Little Help?

This article will be about different guidelines, which can help to secure your SAP system. But nothing to worry about - this post will nevertheless remain useful and interesting, even if it does not contain information about 0-days or has no words like “cyber” or “weapon” in the title. So, let’s go.

This blog post will be about a new guideline, or standard, for securing - or testing of the security - of SAP implementations, which is going to be a first standard of the EAS-SEC standard…


Added by Alexander Polyakov on December 3, 2014 at 7:30pm — No Comments

5 Key Benefits of Source Code Analysis

Static Code Analysis: Binary vs. Source

Static Code Analysis is the technique of automatically analyzing the application’s source and binary code to find security vulnerabilities. According to Gartner’s 2011 Magic Quadrant for Static Application Security Testing (SAST), “SAST should be…


Added by CISO Platform on December 2, 2014 at 7:00pm — No Comments

Source Code Analysis- How to Remediate your Vulnerabilities

The AppSec How-To: Visualizing and Effectively Remediating Your Vulnerabilities: The biggest challenge when working with Source Code Analysis (SCA) tools is how to effectively prioritize and fix the numerous results. Developers are quickly overwhelmed trying to analyze security reports containing results that…


Added by CISO Platform on December 2, 2014 at 4:00pm — No Comments

10 Steps to Secure Agile Development

In Agile’s fast-paced environment and frequent releases, security reviews and testing sound like an impediment to success. How can you keep up with Agile demands of continuous integration and continuous deployment without abandoning security best practices?

Companies have found the following ten practices helpful to achieve a holistic secure…


Added by CISO Platform on December 1, 2014 at 4:30pm — No Comments

Your Guide to Multi-Layered Web Security

Why Read This Report

The data center perimeter is dead. But its memory lives on in the way many IT departments continue to secure their infrastructure. The meteoric rise of the Internet brought with it an ever-changing landscape of new attacks and completely disrupted organizations’ old models of guarding their IT infrastructure. Previously, information assets that needed protection all resided in a fortress…


Added by CISO Platform on November 18, 2014 at 10:30pm — 1 Comment

Safeguard Enterprise Data during Employee Separation

Organizations scrambling to achieve high business growth often overlook the underlying processes which are the core of any business operation. A manual process to handle employee separation leads to devastating circumstances. Most organizations take almost a couple of weeks to manage the separation process and at times it becomes unnoticeable for years. There have been cases of data loss, where employees were part of such acts during transition to a new job. A report by “Bnet” shows that 45…


Added by Mohit Kohli on November 10, 2014 at 2:30pm — No Comments

Safeguarding Critical Data & Strong Backup

To protect sensitive/critical data available on users’ laptops we implemented a remote backup solution that can back up the important files and folders on the users’ laptops to a remote server. The main purpose was to safeguard the sensitive/critical information against accidental loss/damage/corruption and ensure its availability as and when required, by making an additional copy on a remote server kept at a secured location. The organization’s need is a cost-effective solution, on demand or…


Added by pritha on October 21, 2014 at 3:00pm — No Comments

7 Tips For DLP Implementation

Kotak Mahindra Bank has initiated the DLP implementation across all business units in a phased manner and the implementation was started 6 months ago with critical business units. The solution monitors all channels, viz. Internet, Email and End point.

1. Proper strategy and planning are vital for successful DLP implementation.

2. Get management support for the Project. Identify the critical business units considered for DLP implementation.

3. Get the data classification…


Added by pritha on October 21, 2014 at 2:30pm — 2 Comments

7 Tips A CISO Should Know To Implement Endpoint Protection & IT Asset Management

This project mainly aims to have an enterprise-wide ITAM (IT Asset Management) system and endpoint protection and also to maintain the hardware and software inventory. It also brought in centralized IT management and control mechanisms for policy enforcement, monitoring and reporting to present a complete picture of the endpoint status of the organization.


Added by pritha on October 21, 2014 at 2:30pm — No Comments

Shellshock Bug: A Quick Primer

What is Shellshock Bug?

Shellshock is a security vulnerability (CVE-2014-6271) in the widely used Unix Bash Shell which was discovered by Stéphane Chazelas on 12 September 2014 and disclosed on 24 September 2014. Subsequently, various researchers have discovered multiple other vulnerabilities in bash.…


Added by Nilanjan De on October 1, 2014 at 4:00pm — No Comments

SIEM Tools: Implementation Guide and Vendor Evaluation Checklist

Current Project Synopsis:

  • Responsible for Information Security of next generation mobile and fixed broadband networks (LTE/WiFi/FTTx) with All-IP networks over a cloud based framework for B2C/B2B markets connecting 200 Million 4G LTE, 50 Million…

Added by pritha on September 16, 2014 at 6:30pm — 2 Comments

Data Leakage Protection (DLP) via email gateway and Regulated Internet access

About Project

The scope of the project encompasses Business Units, Support Functions, 200+ Processes and 8500+ employees. The project was an outcome of the data pilferage risk envisaged in terms of sensitive customer information and financial data. The risk assessment took inputs from various avenues such as internal audits, external audits, risk events, control committees conducted with the Top Management, business requirements were driven by the…


Added by pritha on September 16, 2014 at 5:30pm — No Comments

Top 5 Big Data Vulnerability Classes

Recently, we were pentesting a Data mining and Analytics company. The amount of data that they talked about is phenomenal and they are planning to move to Big Data. They invited me to write a blog on state of the art, Big Data security concerns and challenges and I happily accepted.…


Added by Jitendra Chauhan on September 15, 2014 at 8:30pm — 1 Comment
