OWASP API Security Top 10 – 2019 (1st Version)

OWASP API Security Top 10 – 2019: the first edition from OWASP for API security. What is API Security? A foundational element of innovation in today’s app-driven world is the API. From banks, retail and transportation to IoT, autonomous vehicles and smart cities, APIs are a critical part of modern mobile, SaaS and web applications and […]

HTTP/2 DoS CVEs Affect Kubernetes too!

Two high-severity vulnerabilities impacting all versions of Kubernetes, the open-source system for managing containerised apps, can allow an unauthenticated attacker to trigger a denial-of-service (DoS) state. The Kubernetes development team has already released patched versions to address these newly found security flaws and block potential attackers from exploiting them. Kubernetes was originally developed by Google […]

HTTP/2 Vulnerable to 8 DoS Attacks | CVE IDs declared

Overview: Netflix has discovered several resource exhaustion vectors affecting a variety of third-party HTTP/2 implementations. These attack vectors can be used to launch DoS attacks against servers that support HTTP/2 communication. Netflix worked with Google and CERT/CC to coordinate disclosure to the Internet community. Today, a number of vendors have announced patches to correct this suboptimal behaviour. […]


Chaos Engineering – Defining Stability!

PRINCIPLES OF CHAOS ENGINEERING: Chaos Engineering is the discipline of experimenting on a system in order to build confidence in the system’s capability to withstand turbulent conditions in production. Advances in large-scale, distributed software systems are changing the game for software engineering. As an industry, we are quick to adopt practices that increase flexibility […]

How to Design an Application Architecture

Before you start designing an application architecture for any cloud, you need to start from a consideration of the main common quality attributes of the cloud. Scalability is the capability to adjust a system’s capacity based on current needs. For example, let’s say you’re developing an internet shop. You know that before Christmas, the […]

Securing NGINX Web Server

#1: Turn On SELinux. Security-Enhanced Linux (SELinux) is a Linux kernel feature that provides a mechanism for enforcing access control security policies and offers strong protection. It can stop many attacks before your system is rooted. See how to turn on SELinux for CentOS / RHEL based systems. Do Boolean Lockdown: run the getsebool -a command and lock down […]

What is Merkle Tree in Blockchain?

What’s A Merkle Tree? If you’re a newcomer to the blockchain world, you may have come across the phrase “Merkle Tree” and felt a little lost. While Merkle Trees are not a widely-understood concept, they’re also not terribly complicated. So, what’s a Merkle Tree? To put it very simply, a Merkle Tree is a method […]

Quora Data Breach

On Friday, 30th November 2018, Quora, the popular platform for asking questions and connecting with people who contribute unique insights and quality answers, suffered a breach of sensitive user data. As per their “SECURITY UPDATE” mail, a third party had gained unauthorized access to the following user data […]

iOS Safari Self DOS Attack

A security researcher with the GitHub handle pwnsdx has found a way to crash and restart any Apple device using Safari just by rendering a webpage! POC Code: https://gist.github.com/pwnsdx/ce64de2760996a6c432f06d612e33aea CLICK ON THIS LINK ONLY IF YOU ARE NOT USING SAFARI BROWSER ON AN APPLE DEVICE. Sabri Haddouche tweeted a proof-of-concept webpage with just 15 lines of […]

OTP-SMS-Insecure?

Back in 2016, there was news, based on a NIST publication, that SMS-based second-factor authentication (2FA) is no longer considered secure: the SMS can be intercepted, and there is no way for the application owner to confirm that the OTP sent to the designated user was actually passed back by that user […]