chaos engineering

Chaos Engineering – Defining Stability !

PRINCIPLES OF CHAOS ENGINEERING Chaos Engineering is the discipline of experimenting on a system in order to build confidence in the system’s capability to withstand turbulent conditions in production. Advances in large-scale, distributed software systems are changing the game for software engineering. As an industry, we are quick to adopt practices that increase flexibility […]

How to Design an Application Architecture

Before you start designing an application architecture for any cloud, you need to consider the main common quality attributes of the cloud: Scalability is the capability to adjust a system’s capacity based on current needs. For example, let’s say you’re developing an internet shop. You know that before Christmas, the […]

Securing NGINX Web Server

#1: Turn On SELinux Security-Enhanced Linux (SELinux) is a Linux kernel feature that provides a mechanism for supporting access control security policies, which provides great protection. It can stop many attacks before your system is rooted. See how to turn on SELinux for CentOS / RHEL based systems. Do Boolean Lockdown Run the getsebool -a command and lock down […]

What is Merkle Tree in Blockchain?

What’s A Merkle Tree? If you’re a newcomer to the blockchain world, you may have come across the phrase “Merkle Tree” and felt a little lost. While Merkle Trees are not a widely-understood concept, they’re also not terribly complicated. So, what’s a Merkle Tree? To put it very simply, a Merkle Tree is a method […]

Quora Data Breach

On Friday, 30th November 2018, Quora, the popular platform to ask questions and connect with people who contribute unique insights and quality answers, suffered a breach of sensitive user data. As per their “SECURITY UPDATE” mail, a third party had gained access to the following data of users in an unauthorized […]

iOS Safari Self DOS Attack

A security researcher with the GitHub handle pwnsdx has found a way to crash and restart any Apple device using Safari by just rendering a webpage! POC Code: https://gist.github.com/pwnsdx/ce64de2760996a6c432f06d612e33aea CLICK ON THIS LINK ONLY IF YOU ARE NOT USING SAFARI BROWSER ON AN APPLE DEVICE Sabri Haddouche tweeted a proof-of-concept webpage with just 15 lines of code […]

OTP-SMS-Insecure?

Back in 2016, there was news, based on a NIST publication, that SMS-based Second Factor Authentication (2FA) is no longer secure, as it can be intercepted and there is no way for the application owner to confirm if the OTP sent to the designated user was the actual user who passed it back to […]

The RIGHT way of Password Hashing !

If you’re a web developer, you’ve probably had to make a user account system. The most important aspect of a user account system is how user passwords are protected. User account databases are hacked frequently, so you absolutely must do something to protect your users’ passwords if your website is ever breached. The best way […]

Let’s Encrypt Wildcard SSL Certificate using CERTBOT

What is a Wildcard Certificate? In computer networking, a wildcard certificate is a public key certificate which can be used with multiple subdomains of a domain. The principal use is for securing web sites with HTTPS, but there are also applications in many other fields. Compared with conventional certificates, a wildcard certificate can be cheaper and more convenient than a certificate for […]

LinkedIn Autofill Vulnerability (Fixed !)

Not just Facebook: a newly discovered vulnerability in LinkedIn’s popular AutoFill functionality was found leaking its users’ sensitive information to third-party websites without the user even knowing about it. LinkedIn has long provided an AutoFill plugin that other websites can use to let LinkedIn users quickly fill in profile data, including their full name, […]