In the space of time it takes you to read this blog post and finish your morning coffee, a company at the vanguard of DevSecOps, such as Etsy, Amazon or Netflix, will have completed yet another deployment — one of potentially thousands per day. Deployment frequency has accelerated to a…


SQL Injection

Primer on SQL Injection (SQLi)

SQL Injection (SQLi) refers to an injection attack wherein an attacker can execute malicious SQL statements that control a web application’s relational database server. …


The views and opinions expressed in this article are those of the author and do not necessarily reflect the official policy or position of any company. Examples of analysis performed within this article are only gathered through personal experience. …


https://dan.enigmabridge.com/roca-critical-vulnerability-in-infineon-security-chips/

What is it?

ROCA stands for “Return of Coppersmith’s Attack”. It is a factorization attack that allows an attacker to exploit a weakness in the software library responsible for generating RSA key pairs in the chips made by the German company Infineon Technologies AG. MS Surface extensively uses the chips…


What is KRACK?

KRACK (short for, uh, Key Reinstallation AttaCK) targets the third step in a four-way authentication “handshake” performed when your Wi-Fi client device attempts to connect to a protected Wi-Fi network. …


For more updates, follow me on Twitter: Swapnil Deshmukh

According to an article in Forbes, cybercrime costs are projected to hit $2 trillion by 2019, and Bloomberg projects cyber attack losses of at least $9.7 billion in 2020. With recent attacks on Equifax, Kaspersky, SonicWall, Deloitte, and…


DISCLAIMER
The views and opinions expressed in this article are those of the author and do not necessarily reflect the official policy or position of any company. Examples of analysis performed within this article are only gathered through personal experience. …


Newer software development methodologies such as ‘DevOps’ or ‘Shift Left’ are eroding organizational silos and processes. As a result, security organizations are challenged with ensuring an effective and efficient security engagement process while integrating Sec (read as Security) into ‘DevSecOps’. At the forefront of this security engagement is threat modeling…
