Authentication

How to Prevent OWASP Top 10 Vulnerability

How to Prevent Owasp Top 10 Vulnerabilities

Leave a Comment / CEH / By Tushar Panhalkar

Introduction to OWASP Top 10 The Open Web Application Security Project, or OWASP, may be a nonprofit that strives to teach the cybersecurity industry (its practitioners, researchers, and developers) about prominent web application bugs and therefore the risks they present. Every three or four years, OWASP reaches bent the businesses and organizations with a high-level and wide-sweeping view of the foremost common and highest risk vulnerabilities for feedback on common and emerging threats. These contributors …

How to Prevent Owasp Top 10 Vulnerabilities Read More »

Web Attack Investigation On Windows based Servers

1 Comment / CHFI / By Tushar Panhalkar

Web Attack Investigation On Windows based Servers in this there are different indications related to each type of attack. For example, in a denial of service (DoS) attack, the customers are denied any access to the information or services available on the website. In such cases, customers report the unavailability of online services because the attacker prevents the legitimate user from accessing websites, email accounts, and other services that rely on the victim’s computer. Another …

Web Attack Investigation On Windows based Servers Read More »

Understand Network Forensics Analysis Mechanism

Leave a Comment / CHFI, Knowledge Base / By Tushar Panhalkar

This network forensics analysis mechanism includes presenting the evidence, manipulating, and automated reasoning. Analyst Interface The analyst interface provides visualization of the evidence graph and reasoning results to the analyst, who passes the feedback to the graph generation and reasoning components. Evidence Collection Evidence collection involves the collection of intrusion evidence from networks and hosts under investigation. Evidence Preprocessing Evidence preprocessing deals with the analysis of assertive types of evidence, such as intrusion alerts, into …

Understand Network Forensics Analysis Mechanism Read More »

Understand Microsoft Authentication

1 Comment / CHFI, Knowledge Base / By Tushar Panhalkar

Understand Microsoft Authentication in this article When users log in to the Windows pc, a series of steps is performed for user authentication. The Windows OS authenticates its users with the help of 3 mechanisms (protocols) provided by the Microsoft. SAM database Windows uses the sam info to manage user accounts and passwords within the hashed format (one-way hash). The system doesn’t store the passwords in plaintext format however stores them in hashed format in …

Understand Microsoft Authentication Read More »

ISO 27001 Annex : A.14.1.2 Securing Application Services on Public Networks

Leave a Comment / ISO 27001 La, Knowledge Base / By Tushar Panhalkar

Control- ISO 27001 Annex : A.14.1.2 Securing Application Services on Public Networks Information about application services which pass through public networks should be protected against fraudulent activities, contract disputes, unauthorized disclosure, and modification. Implementation Guidance – Information security requirements will include the following for application services that cross public networks: Each party requires a level of trust in the identity claimed by each other, for example, through authentication; Authorizations for those who may authorize the …

ISO 27001 Annex : A.14.1.2 Securing Application Services on Public Networks Read More »

ISO 27001 Annex : A.13 Communications Security

Leave a Comment / ISO 27001 La, Knowledge Base / By Tushar Panhalkar

ISO 27001 Annex : A.13 Communications Security in this article explain A.13.1 Network Security Management, A.13.1.1 Network Controls, A.13.1.2 Security of Network Services, A.13.1.3 Segregation in Networks. A.13.1 Network Security Management It’s objective is to ensure the security and supporting information processing facilities of the information in a network. A.13.1.1 Network Controls Control- To protect information in systems and applications, networks should be managed and monitored. Implementation Guidance – The monitoring of network information security …

ISO 27001 Annex : A.13 Communications Security Read More »

ISO 27001 Annex : A.10 Cryptography

Leave a Comment / ISO 27001 La, Knowledge Base / By Tushar Panhalkar

ISO 27001 Annex : A.10 Cryptography in this article explaining Cryptographic controls, Policy on the Utilization of Cryptographic Controls & Key Management. A.10.1 Cryptographic controls Its objective is to ensure the proper and efficient use of cryptography to protect the confidentiality, authenticity and/or integrity of the information. A.10.1.1 Policy on the Utilization of Cryptographic Controls Control- A policy on the use of cryptographic controls to secure information should be developed and enforced. Implementation Guidance- The …

ISO 27001 Annex : A.10 Cryptography Read More »

ISO 27001 Annex : A.9.4.4 Use of Privileged Utility Programs & A.9.4.5 Access Control to Program Source Code

Leave a Comment / ISO 27001 La, Knowledge Base / By Tushar Panhalkar

In this article ISO 27001 Annex : A.9.4.4 Use of Privileged Utility Programs & A.9.4.5 Access Control to Program Source Code this two topics are explain. A.9.4.4 Use of Privileged Utility Programs Control- The use of utility programs that could bypass system and application controls should be limited and tightly controlled. Implementation Guidance- The following guidelines should be taken into account when using utility programs that could override system and application controls: the use of …

ISO 27001 Annex : A.9.4.4 Use of Privileged Utility Programs & A.9.4.5 Access Control to Program Source Code Read More »

ISO 27001 Annex : A.9.4 System and Application Access Control

Leave a Comment / ISO 27001 La, Knowledge Base / By Tushar Panhalkar

ISO 27001 Annex : A.9.4 System and Application Access Control Its objective is to put a stop to unauthorized access to systems and applications. A.9.4.1 Information Access Restriction Control- Access to information and application system functions should be limited in compliance with the policy on access control. Implementation Guidance- Access controls should be based on individual requirements for business applications and in compliance with a specified access control policy. In order to meet access restriction …

ISO 27001 Annex : A.9.4 System and Application Access Control Read More »

ISO 27001 Annex : A.9.3 User Responsibilities

Leave a Comment / ISO 27001 La, Knowledge Base / By Tushar Panhalkar

ISO 27001 Annex : A.9.3 User Responsibilities Its objective is the Responsibility of users for safeguarding their authentication information. A.9.3.1 Use of Secret Authentication Information Control- Use of secret authentication information should be allowed for users to follow the organization’s practices. Implementation Guidance- It is recommended that all users: maintain confidential information on secure authentication to ensure that it is not leaked to the other parties, including people of authority; Avoid maintaining a record of …

ISO 27001 Annex : A.9.3 User Responsibilities Read More »

How to Prevent Owasp Top 10 Vulnerabilities

Understand Network Forensics Analysis Mechanism

Understand Microsoft Authentication

ISO 27001 Annex : A.14.1.2 Securing Application Services on Public Networks

ISO 27001 Annex : A.13 Communications Security

ISO 27001 Annex : A.10 Cryptography

ISO 27001 Annex : A.9.4.4 Use of Privileged Utility Programs & A.9.4.5 Access Control to Program Source Code

ISO 27001 Annex : A.9.3 User Responsibilities

Course Categories

Quick Menu

Contact us

Recent Posts

Find Us Here