September 2014 Blog Posts (9)

SIEM Tools: Implementation Guide and Vendor Evaluation Checklist

Current Project Synopsis:

  • Responsible for Information Security of next generation mobile and fixed broadband networks (LTE/WiFi/FTTx) with All-IP networks over a cloud based framework for B2C/B2B markets connecting 200 Million 4G LTE, 50 Million…

Added by pritha on September 16, 2014 at 6:30pm — 2 Comments

Data Leakage Protection (DLP) via email gateway and Regulated Internet access

About Project

The scope of the project encompassed Business Units, Support Functions, 200+ Processes and 8500+ employees. The project was an outcome of the data pilferage risk envisaged in terms of sensitive customer information and financial data. The risk assessment took inputs from various avenues such as internal audits, external audits, risk events, control committees conducted with the Top Management, business requirement were driven by the…


Added by pritha on September 16, 2014 at 5:30pm — No Comments

Top 5 Big Data Vulnerability Classes

Recently, we were pentesting a Data mining and Analytics company. The amount of data that they talked about is phenomenal and they are planning to move to Big Data. They invited me to write a blog on state of the art, Big Data security concerns and challenges and I happily accepted.…


Added by Jitendra Chauhan on September 15, 2014 at 8:30pm — 1 Comment

Penetration Testing E-commerce Applications

Over the past decade, E-Commerce applications have grown both in number and in complexity. Currently, E-Commerce applications are becoming more personalized, more mobile friendly and richer in functionality. Complicated recommendation algorithms are constantly running at the back end to make content searching as personalized as possible.

Why conventional application penetration testing is not enough for E-commerce…


Added by Jitendra Chauhan on September 15, 2014 at 8:30pm — No Comments

Must Know Business Logic Vulnerabilities In Banking Applications

Over the last few years, our On-Demand and Hybrid Penetration Testing platform has performed security testing of applications across various verticals and domains including Banking, e-commerce, Manufacturing, Enterprise Applications, Gaming and so on. On one hand, SQL Injection, XSS and CSRF vulnerabilities are still the top classes of vulnerabilities found by our automated scanning system; on the other hand, there are a lot of…


Added by Jitendra Chauhan on September 15, 2014 at 7:00pm — No Comments

Information Security Infrastructure: Assessing and analyzing

The project scope is to perform a security assessment of the current environment of MBE, including the major business processes, operating functions, organizational units and information systems, and a thorough evaluation of the configuration and design of the existing network and systems infrastructure and main servers. Based on the assessment, there is a need to define and implement the desired Information security architecture which protects the information base and aligns with the business…


Added by pritha on September 12, 2014 at 2:30pm — No Comments

A CISO Guide to Privilege Identity & Access Management (PIM) Implementation

Achieved Solution Benefits

To mitigate risk

  • Prevent access breaches through privileged accounts
  • Monitor activities carried out by privileged users
  • Enforce accountability for use of generic privileged accounts
  • Enforce granular…

Added by pritha on September 9, 2014 at 6:30pm — 1 Comment

Sneak Peek Into the Top Talks @ CISO Platform Annual Summit, 2014

Turbo Talks

How the Heartbleed bug was found?

Antti Karjalainen, discoverer of Heartbleed

The Heartbleed bug was a catastrophic vulnerability in the widely used OpenSSL TLS implementation. This talk will give background on how the Heartbleed bug was found by Codenomicon. The…


Added by pritha on September 9, 2014 at 12:30pm — No Comments

Launching Community based "Common Framework for Security Technology Evaluation" @ Annual Summit, 2014

Why do we need a common security technology evaluation framework?

Floating an RFP (Request for Proposal) or evaluating a new technology for a CISO is a substantial effort. Going through the sea of data and marketing buzz to judge a vendor and its product is…


Added by CISO Platform on September 3, 2014 at 9:30pm — No Comments
