Entersoft Security Blog

Implementing Security in IoT

Posted by Entersoft Team on Nov 29, 2017 9:44:36 PM

 

The Internet of Things continues to connect an ever-increasing number of devices. We're heading towards a seamlessly connected world that will have 24 billion IoT devices by 2020. Connected devices are making headway into each and every aspect of our lives, including homes, offices, cars and even cities.

Read More

Topics: Application Security, Application Security Guidelines, cyber security, IOT Security

Vulnerability: XSS in Image Name

Posted by Entersoft Team on Oct 25, 2017 9:54:32 PM
We have frequently come across cross-site scripting vulnerability ( more about XSS ) in input fields where HTML special characters are not sanitized. However, these days most developers are aware of this vulnerability and diligently filter user-supplied inputs in forms and URLs.
Read More

Topics: Application Security, XSS, Cross site scripting, vulnerability

Race Condition Vulnerabilities in Web Applications

Posted by Entersoft Team on Sep 15, 2017 8:14:29 PM

Race conditions in software arise when two concurrent threads of execution access a shared resource in a way that unintentionally produces different results; depending on the time at which the code is executed. For example, a multi-threaded program may spawn 2 threads that have access to the same location in memory.

Read More

Topics: Application Security, Application Security Guidelines, cyber security

Demystifying ARP Spoofing

Posted by Entersoft Team on Sep 11, 2017 10:14:18 PM

 

 What is ARP Poisoning or ARP Spoofing attack?

ARP spoofing attack is an attack in which an attacker sends falsified ARP (Address Resolution Protocol) messages over LAN. As a result, the attacker can link his MAC address with the IP address of a legitimate computer (or server) on the network.

Read More

Topics: Application Security, cyber security, cyber attack

New Attack "XSSJacking" Combines Clickjacking, Pastejacking, and Self-XSS

Posted by Entersoft Team on Aug 22, 2017 10:39:05 PM
Read More

Topics: Application Security, cyber security, cyber attack

New Vulnerability: IoT Devices Compromised by "Rakos"

Posted by Entersoft Team on Aug 8, 2017 10:41:03 PM
Have you been in situations in which you find your IoT devices getting overloaded with networking and computing tasks? If the answer is yes, the chances are high that your devices are Rakos’s latest victims.
Read More

Topics: Application Security, cyber security, IOT Security, cyber attack

Entersoft Security Pack: FinTech

Posted by Mohan Gandhi on Jul 25, 2017 5:39:07 PM
 
Banks now work hand in hand with companies in Fintech. Banks regularly partner with Fintech startups to implement innovative technologies such as Robo advice, Chatbots, KYC and Regtech, Blockchain, Wealth Management, Artificial Intelligence, Big Data and so on.
 
Read More

Topics: Application Security, cyber security, FinTech Security, Fintech Security standards

IoT Attack Surface Mapping

Posted by Entersoft Team on Jul 17, 2017 5:24:09 PM
Read More

Topics: Android App Security, Application Security, cyber security, IOT Security, Internet of things

New Vulnerability: Raspberry Pi Malware Mines Cryptocurrency

Posted by Entersoft Team on Jul 4, 2017 10:19:51 PM

What is Raspberry Pi?

Read More

Topics: Application Security, cyber security, Hacks and news

Entersoft Vulnerability Overview: Insufficient Attack Protection

Posted by Entersoft Team on Jul 3, 2017 8:52:10 PM

 

What follows in the article is a brief overview of a OWASP Top 10 2017 vulnerability - A7-Insufficient Attack Protection.

This post is useful for beginners who want to understand about Insufficient Attack Protection and for developers to help protect their applications against this vulnerability.

Whenever a user with malicious intention visits any application, his first motive is to damage the application or to create a sense of panic among the application’s admins or users who are using the application.

It is natural behaviour for most attackers targeting an application to perform extensive research about the application, its services and categories of users accessing the application. The research usually starts with an ‘information gathering’ phase which includes collecting information about the application stack and usernames that are available to any random user who has access to the application, in addition to observing contact-us forms’ structures.

Once the attackers have enough information about the application, they try to start with their attacks on the application. 

Read More

Topics: Application Security, cyber security, Security Guidelines