• Log4Shell critical vulnerability

    On Friday 10th December, Apache announced a critical vulnerability within the LOG4J logging library for Java, called Log4Shell or LogJam. At 10/10 severity, this is comfortably one of the most serious IT vulnerabilities to have been discovered in recent memory, as Log4J is often installed on both Linux and Windows systems either directly, or often […]

  • Lessons learnt from Facebook outage

    – Some thoughts from our CTO Anurag Jain Be it business or personal, social platforms are integral part of our lives. When the outage first started, my first reaction was to restart the app a few times, restart my router, and even check with few friends and colleague. After a bit of panic on how […]

  • Web application stress test

    We are excited about our new stress test service, which has shown promising findings for different clients, applications and architectures. Which one applies to you? Not sure if your application/system can handle a specific number of users? Want a clear comparison between one architecture or another Find bottlenecks in the system but need to simulate […]

  • 5 common mistakes when building a website/web-application wrt security.

    These are the 5 common mistakes we often come across. This should not be seen as a comprehensive list. Not performing authorization. Authentication confirms that you say who you are. Authorization checks if you have access to a specific asset. Examples of this are hidden links which are shown only to one type of user […]

  • Security audit for statistical insights company

    Recently we had an opportunity to conduct a security audit of a company that is involved in providing statistical insights to a wide number of clients. Unlike a penetration test this is a non intrusive approach to audit their processes instead of an application. It requires understanding of the processes, how the company works, how […]

  • Supplier/Processor list

    Maintaining the supplier/processor list is one of the key security requirements for any orgranisation and is the list of all the suppliers and/or processor (or sub-processors) who are involved in a project or process. This means if your processor has a sub-processor ideally that sub-processor also needs to be in this list. This document should […]

  • OS command injection in latest ethical hack findings

    In the latest ethical hack conducted by our security team on a security related service, we managed to find a very interesting OS command injection finding which is Priority level 1.In the latest ethical hack conducted by our security team on a security related service, we managed to find a very interesting OS command injection […]

  • encryptedtransfer.com is now more secure and allows file transfers

    The idea for our free online tool www.encryptedtransfer.com for safely passing messages started more than 8 years back. It has been popular with our team and clients using it very regularly to send access details and passwords. Since we have started the service more than 15,000 messages were exchanged securely using the best industry standards. […]

  • DDOS attack and possible solutions

    Recently we had a DDOS attack on a systems we handle for one of our client. The image above shows the different places from where the attacks were happening. But before we get into all that, a little bit about DDOS means: Denial of Service is a form of attack which takes advantage of the […]