A common question is why should we get a third party penetration testing company? Why not choose a team from your current technical group to handle the network security test? For one, security audits like traditional financial audits are better done by outside companies with no bias and partiality to anyone or anything within your organization. Another reason to hire a security testing company is that one may find it difficult to hire and retain Penetration Testers.…

Get free access to the presentations by Dr. Phil Polstra, Wayne Tufek, Madhu Akula, Anant Shrivastava, Shomiron Das Gupta, Wasim Halani, Sahir Hidayatullah, Sudarshan Pisupati & more. SACON is one of the largest Security Architecture Conferences in APAC region. With over 500+ participants, this was the 6th edition of SACON and here are a few highlights we wanted to share with you. It was held on 15-16th Feb, Bangalore, India.…

Cyber-targeted attacks such as APTs are the primary cause of concern for any organization that holds data which can be of interest to attackers. The motivations are diverse and the attackers are highly sophisticated and relentless in their approach. Traditional security tools are proving to be ineffective against such attacks as evidenced by the ubiquitous stories of successful breaches.  In this time, it is considered that the more security tools you have the better secure you are which is…

This time we will speak about SAP in particular. So, what is SAP? First of all, SAP is a German company that develops and sells business software. SAP is famous for its ERP system - the most widespread business application. However, SAP provides much more than just an ERP. In 2005, it introduced its SAP Business Suite – a number of integrated business applications such as ERP, CRM, PLM, SCM, and SRM. These business applications consist of different components. For example, ERP includes…

Today we will show how SAP Afaria, an MDM solution from a world-famous software vendor, works and how cybercriminals can attack it in different ways.

In a nutshell, MDM is a set of services that help an administrator of a large company to control the mobile devices (smartphones, tablets, phablets and so on and so forth) of employees, thus establishing the security measures of corporate data stored and processed on those devices. A special application called MDM client is installed on…

From the developer’s perspective

For AS Java, the encoding is available as tc_sec_csi.jar. There is a static class and an interface which provides the encodings for HTML/XML, JavaScript, CSS and URL. Also it is available to use methods of public class StringUtils (com.sap.security.core.server.csi.util.StringUtils):

• escapeScriptEndTag(String pStr) - Prepare a string to be used for a javascript…

Hello, dear readers! Today I would like to talk about Oracle Security.

On August 11, Mary Ann – Oracle's CSO - published an incredibly shocking post about security researchers which was promptly deleted (either by herself or somebody else). The post was discussed by multiple resources such as…

In our previous article we’ve already covered how SAP ABAP Security Storage works. Today’s post is dedicated to SAP HANA Security Storage.

SAP HANA is a recent key product of SAP. It is a software solution based on the in-memory technology, that reduces the time of the data processing significantly.

This product has obviously caused an excitement among large enterprises interested in…

With this article we are starting new series of posts giving a review of one of the most frequent vulnerability which affects a lot of SAP modules: cross-site scripting, or XSS. XSS is by far one of the most popular vulnerability indeed in all products and a most popular vulnerability in SAP products with total number of 628 vulnerabilities that is almost 22% of all vulnerabilities ever found in SAP during 12 years. You can find this in our latest research…

(Source: Defcon 22-Las Vegas)

(Source: Defcon 22-Las Vegas)

(Source: Defcon 22-Las Vegas)

(Source: Defcon 22-Las Vegas)

These days’ web applications are under siege. Commercially motivated Hackers, bots, and fraudsters are attacking around the clock, attempting to steal data, disrupt…

PCI DSS – Stringent but Exhilarating to Implement (Project PCI DSS Implementation & Certification)

PCI DSS stand for Payment Card Industry Data Security Standard is a robust, comprehensive, technology driven, transparent, explicit standard to enhanced security controls around payment card and related account data by ensuring the safe…

We are happy to announce the results of the annual survey of Security Implementation Status and Industry Benchmarking (CPSMM), in which 331 companies have participated. The data has been collected through the survey conducted online as well as during Top 100 CISO Awards. We have planned a series of interesting information which shall provide…

Requirement for solutions related to Database security

A CISO should define the requirement for solutions related to Database security by first understanding the business and threat environment and decide on the most applicable threats and security parameters while balancing performance of application and security.

( Read more: …

Top steps during the implementation of a project related to Database Security

1.As most of the times, application developers or persons implementing the applications also work as database administrators, it is important that database administration is handled by different persons in the team. For bigger projects, you should have a separate database team. This helps on most of the occasions to have better control on database management and…