Collaborate Disseminate
I understand that a product security incident response team (PSIRT) identifies, evaluates and coordinates responses to the security vulnerabilities in the products you manufacture. Whereas the CSIRT protects the infrastructure on which the… Continue reading How CSIRT is different from PSIRT framework?
I have a content as shown below
I have encrypted the content by running the below command
cd C:\Windows\Microsoft.NET\Framework\v4.0.30319
aspnet_regiis.exe -pef "secureAppSettings" "your application web config path"… Continue reading Encrypting app settings file is secure than encrypting only the app setting contents?
Would like to know the difference between Off-The-Shelf Software (OTS Software) and Software of Unknown Provenance (SOUP Software)
Suppose I am developing an application that runs on a medical device, then what I shall be aware of with res… Continue reading What is the difference between OTS and SOUP? [closed]
I have developed C# application and hosted it as a windows service on a machine http://localhost:5000 . This application registered in `Azure Active Directory
Application is using the below details in-app configuration
"ClientId"… Continue reading How to mitigate risk of spoofing / Impersonating in OAuth Device flow ( device code flow ) in Azure AD?
I have a service that runs as Windows Service on a device and developed using C#, and uses the gRPC protocol for communication as shown in the below diagram.
The service is running on port 5000 as http://localhost:5000
I am doing a cybers… Continue reading What are possible spoofing attacks on internal services in devices?
I was reviewing our existing architecture of the application and found that the database virtual machine opened port 25 for communicating with email server in the internet.
What are risks? I want to do a risk assessment of this vulnerabi… Continue reading What are the risks we can foresee when our database having outbound connection to internet through port 25? [closed]
I have a SQL database and I have enabled the Always Encrypted feature. Can I claim that Data at Rest is fulfilled? or do I have to secure the backup files using certificates to claim that our database is secure with respect to Data at Rest… Continue reading SQL Column encryption can be part of Data at Rest?
I am developing a solution that is mostly dependent on plug and play architecture. Currently, I am doing a risk analysis of this design.
What are the security issues in Plug and Play architecture? And how we can mitigate them?
This is a C#… Continue reading What are the security issues in Plug and Play architecture? And how we can mitigate them?
I am very new to email concepts and would like to understand SMTP and APIs with respect to selecting email providers.
My concern:
Email service provider Sendgrid is grappling with an unusually large
number of customer accounts whose passw… Continue reading SMTP vs. Web API: Will be my customer email addresses are safer? [closed]
I am using CVSS to do the vulnerability assessment for my project.
As per documentation here is the definition of local and adjacent
Adjacent (A) The vulnerable component is bound to the network stack, but the attack is limited at the p… Continue reading What is the difference between "local" and "Adjacent" threat agents?