Authentication

How to Prevent OWASP Top 10 Vulnerability

How to Prevent Owasp Top 10 Vulnerabilities

Introduction to OWASP Top 10 The Open Web Application Security Project, or OWASP, may be a nonprofit that strives to teach the cybersecurity industry (its practitioners, researchers, and developers) about prominent web application bugs and therefore the risks they present. Every three or four years, OWASP reaches bent the businesses and organizations with a high-level and wide-sweeping view of the foremost common and highest risk vulnerabilities for feedback on common and emerging threats. These contributors …

How to Prevent Owasp Top 10 Vulnerabilities Read More »

Understand-Network-Forensics-Analysis-Mechanism

Understand Network Forensics Analysis Mechanism

This network forensics analysis mechanism includes presenting the evidence, manipulating, and automated reasoning. Analyst Interface The analyst interface provides visualization of the evidence graph and reasoning results to the analyst, who passes the feedback to the graph generation and reasoning components. Evidence Collection Evidence collection involves the collection of intrusion evidence from networks and hosts under investigation. Evidence Preprocessing Evidence preprocessing deals with the analysis of assertive types of evidence, such as intrusion alerts, into …

Understand Network Forensics Analysis Mechanism Read More »

Understand-Microsoft-Authentication

Understand Microsoft Authentication

Understand Microsoft Authentication in this article When users log in to the Windows pc, a series of steps is performed for user authentication. The Windows OS authenticates its users with the help of 3 mechanisms (protocols) provided by the Microsoft. SAM database Windows uses the sam info to manage user accounts and passwords within the hashed format (one-way hash). The system doesn’t store the passwords in plaintext format however stores them in hashed format in …

Understand Microsoft Authentication Read More »

ISO-27001-Annex-A.14.1.2-Securing-Application-Services-on-Public-Networks

ISO 27001 Annex : A.14.1.2 Securing Application Services on Public Networks

Control- ISO 27001 Annex : A.14.1.2 Securing Application Services on Public Networks Information about application services which pass through public networks should be protected against fraudulent activities, contract disputes, unauthorized disclosure, and modification. Implementation Guidance – Information security requirements will include the following for application services that cross public networks: Each party requires a level of trust in the identity claimed by each other, for example, through authentication; Authorizations for those who may authorize the …

ISO 27001 Annex : A.14.1.2 Securing Application Services on Public Networks Read More »

ISO-27001-Annex-A.13-Communications-Security

ISO 27001 Annex : A.13 Communications Security

ISO 27001 Annex : A.13 Communications Security in this article explain A.13.1  Network Security Management, A.13.1.1  Network Controls, A.13.1.2  Security of Network Services, A.13.1.3  Segregation in Networks. A.13.1  Network Security Management It’s objective is to ensure the security and supporting information processing facilities of the information in a network. A.13.1.1  Network Controls Control- To protect information in systems and applications, networks should be managed and monitored. Implementation Guidance – The monitoring of network information security …

ISO 27001 Annex : A.13 Communications Security Read More »

ISO-27001-Annex-A.10-Cryptography

ISO 27001 Annex : A.10 Cryptography

ISO 27001 Annex : A.10 Cryptography in this article explaining Cryptographic controls, Policy on the Utilization of Cryptographic Controls & Key Management. A.10.1 Cryptographic controls Its objective is to ensure the proper and efficient use of cryptography to protect the confidentiality, authenticity and/or integrity of the information. A.10.1.1 Policy on the Utilization of Cryptographic Controls Control- A policy on the use of cryptographic controls to secure information should be developed and enforced. Implementation Guidance- The …

ISO 27001 Annex : A.10 Cryptography Read More »

ISO-27001-Annex-A.9.4.4-Use-of-Privileged-Utility-Programs

ISO 27001 Annex : A.9.4.4 Use of Privileged Utility Programs & A.9.4.5 Access Control to Program Source Code

In this article ISO 27001 Annex : A.9.4.4 Use of Privileged Utility Programs & A.9.4.5 Access Control to Program Source Code this two topics are explain. A.9.4.4 Use of Privileged Utility Programs Control- The use of utility programs that could bypass system and application controls should be limited and tightly controlled. Implementation Guidance- The following guidelines should be taken into account when using utility programs that could override system and application controls: the use of …

ISO 27001 Annex : A.9.4.4 Use of Privileged Utility Programs & A.9.4.5 Access Control to Program Source Code Read More »

ISO-27001-Annex-A.9.3-User-Responsibilities

ISO 27001 Annex : A.9.3 User Responsibilities

ISO 27001 Annex : A.9.3 User Responsibilities Its objective is the Responsibility of users for safeguarding their authentication information. A.9.3.1 Use of Secret Authentication Information Control- Use of secret authentication information should be allowed for users to follow the organization’s practices. Implementation Guidance- It is recommended that all users: maintain confidential information on secure authentication to ensure that it is not leaked to the other parties, including people of authority; Avoid maintaining a record of …

ISO 27001 Annex : A.9.3 User Responsibilities Read More »