Collaborate Disseminate
I’m trying to create a SCP to restrict member account users to create/modify security group(s) that have inbound rule for SSH/RDP with Source set as 0.0.0.0 or ::/0.
Basically, I want users to SSH into EC2 instances only using bastion host… Continue reading SCP to create security groups in member AWS account
In my angular app, initially, I used bypassSecurityTrustStyle(value: string) and it worked but in security testing of my application, it gave error Angular Usage of Unsafe DOM Sanitizer.
In this blog, it’s beautifully expla… Continue reading Angular application security error: Sanitizing unsafe style value
From whatever I have read of Snort, it can analyse a single packet at a time and raise an alert based on its rules.
What if I wish to have a rule based on multiple packets such as analysis of a protocol situation that can m… Continue reading Stateful detection in Snort
I am talking about the apps that allow using my google account for login. Nothing against Postman, just using its login screen for example –
My concern is that an app could be spoofing this whole screen to steal my credenti… Continue reading What if the Google account login screen is spoofed
I am using prepaid broadband plan of Hathaway (in India). Few more days are left for the plan to get expired and I observed the below screenshot.
This popup comes only when I visit any non-secure website (without https in … Continue reading How Hathaway ISP shows renewal reminder in non secure website?
In order to have a better user experience during registration on mobile apps, I had added a web service to check if email ID exists before submitting the form. Based on the error logs, it looks like someone is misusing that A… Continue reading Attacks on email validity service
please share your views on the same since iam expecting the RISK associated with Configuration back up files
Continue reading what is the risk associated with configuration back up files
An organization has a Wireless router with MAC filtering enabled allowing only certain users to connect. If an attacker knows the password and SSID of the WLAN, and he manages to spoof one of the user’s MAC address, will the … Continue reading Does MAC filtering in WLAN protect against MAC spoofing?
WPA 2 can be cracked using Aircrack-ng in Kali Linux. Is there any other security protocol for Wi-Fi which is not compromised?
The DDoS attack on Dyn by Mirai malware that disrupted the internet was largest of its kind in history. Experts say that its strength was 1.2 Tbps. I don’t understand the math behind it. How is the strength of a DDoS attack c… Continue reading How is the strength of a DDoS attack measured?