Author Archives: Shyam Oza

Kovter — a malware that has evolved from a trojan-based ransomware to a click fraud malware and then to a fileless one — is Spanning’s Malware of the Month for October 2019. Learn how Kovter works and how it has stayed among the most prolif… Continue reading Kovter – Malware of the Month, October 2019→

XML External Entity (XXE) attacks are a form of injection attack that target weak XML parsers with the goal of exposing confidential information that should typically not be accessible. Learn how they work and how to protect against them.
The post XML … Continue reading XML External Entity (XXE) Attacks — Web-based Application Security, Part 5→

TrickBot, at its root, is a form of Trojan malware. Like its namesake, malware of this type cleverly disguises its true intent. What’s even more dangerous is that TrickBot is constantly evolving with increasingly potent attacks. Learn more about our Ma… Continue reading TrickBot – Malware of the Month, August 2019→

The CIA Triad, or Confidentiality-Integrity-Availability, is a flexible model that can be applied to help secure your organization’s information systems, applications, and network. Learn about the three pillars of the framework and how you can im… Continue reading CIA Triad: Best Practices for Securing Your Org→

SQL Injection attacks are accomplished via insertion of untrusted input in a valid command or query of a vulnerable SQL-driven website or database, which then maliciously alters the execution of that program. SQL Injection attacks are simple to execute… Continue reading SQL Injection Attacks (SQLi) — Web-based Application Security, Part 4→