All Articles

Wargame : Dashboard & Metrics For The Management Video by Renu Rajani,Sridhar Govardhan,Raghu Kumar Paruchuri,Tamaghna Basu.

Application Security Workshop Part 2 by Nilanjan De:

• Web Attack Chaining
• Understanding IAST/RASP
• Realtime Polymorphism

Application Security Workshop Part 1 by Jitendra Chauhan:

• Web Attack Chaining
• Understanding IAST/RASP
• Realtime Polymorphism

Application Security Workshop Part 1 Video by Jitendra Chauhan:

Network Forensic Tools & Techniques Workshop by Tamaghna Basu:  

• Introduction,Basic Protocol Analysis,
• Forensic Analysis Network/Web/Malware,
• Basic Packet Analysis Challenges

Network Forensic Tools & Techniques Workshop video by Tamaghna Basu:  

IBM Managed Security Services continuously monitors billions of events per year, as reported by more than 8,000 client devices in over 100 countries. This report is based on data IBM collected between 1 January 2014 and 31 December 2014 in the course

I have wanted to put together some of my thoughts on the trends in application security for quite some time. Finally as I have some time today since it was a day off, I made a deal with my wife that we won’t speak for the next 2 hours.

What I am writi

Today’s post is the last in the series of articles about XSS vulnerabilities in SAP systems. The previous parts describe how to prevent XSS in SAP NetWeaver ABAP and SAP NetWeaver J2EE.

XSS is one of the most popular vulnerabilities and its effect can

From the developer’s perspective

For AS Java, the encoding is available as tc_sec_csi.jar. There is a static class and an interface which provides the encodings for HTML/XML, JavaScript, CSS and URL. Also it is available to use methods of public class

We continue our series of posts giving a review of one of the most frequent vulnerability which affects a lot of SAP modules: cross-site scripting, or XSS. Today's post describes how to protect SAP NetWeaver ABAP from XSS.

From the developer’s perspec

Oracle PeopleSoft applications are quite complex and consist of many components, so does their security. While there is almost no research on PS security, successful attacks against such systems happen from time to time. That’s why we decided to star

Hello, dear readers! Today I would like to talk about Oracle Security.

On August 11, Mary Ann – Oracle's CSO - published an incredibly shocking post about security researchers which was promptly deleted (either by herself or somebody else). The post w

The CISO(Chief Information Security Officer) is a C-Level position, responsible to align security to business goals and to secure information assets of the company. The C-Level position has changed and evolved so much, we see the ‘CISO’ as a union of

Chevening.JPG

Please cascade to your teams please Tata Consultancy Services (BSE: 532540, NSE: TCS), the leading IT services, consulting and business solutions organization, is a partner with the Foreign & Commonwealth Office (FCO) of the UK Governmen

This year’s study examines the costs incurred by 36 Indian companies in 12 industry sectors after those companies experienced the loss or theft of protected personal data and then had to notify breach victims and/or regulators as required by laws and

Governance, Risk and Compliance is sometimes a managerial step or a mandatory step to adhere with regulations & maintain compliant systems. It widely helps in Risk Management.

Some of the major components of IT GRC are:

1. IT Policy Management
2. IT Risk

The intent of using IT Governance Risk Compliance (IT GRC) tools and capabilities is to report and manage IT Risks. We will study the critical platform capabilities for IT GRC Tools.

Critical Platform Capabilities In IT GRC Solution

• IT Risk Mana

What Is Bad USB?

The phenomenon of using the USB for malicious intent can be termed as Bad USB. USB Thumb Drives are the last considerations of malicious intent. However, if manipulated, they can takeover almost everything.

Some interesting demonstra

Free/Opensource Tools -

• IT GRC Asset Management
  Some functions can be used for technical controls to policy enforcement
  OTRS http://www.otrs.com/en/
  Redmine http://www.redmine.org/
  Mantis http://www.mantisbt.org/
• IT GRC Risk Management-
  GLPI http:

Today, while working on github, I landed upon an amazing curated list of information on Application Security, covering from fundamentals to programming. The most amazing part was the love demonstration of hacking a website.

Do check this out: https://

SAP has released the monthly critical patch update for August 2015. This patch update closes 22 vulnerabilities in SAP products, 15 have high priority, some of them belong to the SAP HANA security area. The most popular vulnerability is Cross Site Sc