October 5, 2020

Our top 5 recommendations for server administrators are

1. Always use the latest version of the OS and the software and ensure your software has active support.

2. Install and use only services you need. Left over services which you dont need can often lead to open doors...

October 1, 2020

Recently an infrastructure vulnerability test was conducted on one of numerous setups managed by us. For this test the live environment was replicated with a dedicated web server and database server. The hardware firewall remained the same (for both production and test...

September 9, 2020

if you happen to receive an email similar to the one above, don't panic.

The bug bounty programs including the openbugbounty is a system designed to make the public accessible systems safe. Rather than a hacker misusing the exploit, bug bounty hackers warn you of a poss...

July 10, 2020

For the past few months we have been busy reviewing our policy and processes

- Work from Home policy (This was done early on when WFH hit us. Luckily our office had done a few practice runs with half to staff working from home few weeks before ensuring a smooth transiti...

February 1, 2020

For more than 3 weeks, 5 five Elasticsearch servers of Microsoft left 250 million customer support records publicly exposed. The misconfiguration was done on 5th December and was reported to Microsoft on 31st December after which all 5 servers were secured within 24 ho...

January 29, 2020

From SQL and XSS injections, 3rd party vulnerabilities, file upload issues to password policy we ran a comprehensive penetration test and found a range of vulnerabilities for this client's portal. With 15 "Priority 1" and a number of other vulnerabilities our team did...

August 28, 2019

Technical jargon can be confusing and security related ones even more. The terms "SQL injection" and "XSS injection" seem funny as the image suggests, but understanding it is a key to resolving the issue.

To simplify it in a non technical way, imagine you have a ro...

August 12, 2019

While doing a basic code review for a client's web portal (bridging customers and service) we came across potential vulnerabilities which could compromise the system and recommended a proper ethical hack to screen the system. Our team managed to find 25 vulnerabilities...

August 2, 2019

Around 8 months back we conducted a non-intrusive security audit for an accounting backend application which involved us going through their system and making data classification matrix, supplier/processor list, data flow, network diagrams and conducting fact finding i...

July 18, 2019

The long awaited Debian 10 (code name buster) has finally been released. It has the latest software versions and boasts of 57,703 packages. Long term support (LTS) of 5 years has been promised as well to ensure security updates are available till mid 2024!

Debian 8...

Please reload

September 9, 2020

July 18, 2019

Please reload

Recent Posts
Featured Posts

Top 5: Server Administration recommendations

October 5, 2020

Please reload

Please reload