The increased adoption of containers has given rise to a wide range of potential threats to microservices apps that run in containers. If you are working in an organization and your workload is over containers then this blog is more targeted for you. This is about how effectively you can secure containers by not just following a structured and more specific threat modeling approach but focussing on introducing tools at different stages of the model to prevent container security issues before you actually ship them.

Threat modeling is a structured process through which IT pros can identify potential security threats and vulnerabilities, quantify the seriousness of each, and prioritize techniques to mitigate the attack and protect IT resources. …

SECURITY

When it comes to security, we always take it as the utmost priority. We strongly believe that “Security shouldn’t be treated as an after-thought”, it should be brought as close to engineers and as early in SDLC.

Aside from the general guidelines put forth in the CIS benchmark for all around information security, we have automated infrastructure scans for audit, compliance, automated penetration tests including both DAST and SAST, performing manual pen-testing as well and having strong firewalls at multiple layers.

We are immensely proud of the infrastructure security that we are able to build but there is a much bigger challenge that companies face — “Classic” security systems are more tend to be reactive in nature. …

Work-from-home culture slowly becoming a norm

With work-from-home culture slowly becoming a norm, IT companies around the globe are bringing in various new developments in its team engagement tools to cater to such needs and also to compete with every increasing popularity of Zoom.

Zoom which has recently come under the radar with hackers exploiting various misconfiguration in their tool and hence shifting the concerns towards their loosely tied security and privacy control measures. While Zoom is being highly criticized for all the security concerns that are being highlighted, other platforms such as Google Meet, Microsoft Skype, etc are using this opportunity to promote their product. …

Never leave your docker registry publicly exposed! Recently, I have been exploring dockers a lot in search of misconfigurations that organizations inadvertently make and end up exposing critical services to the internet. In continuation of my last blog where I talked about how a misconfiguration of leaving a docker host/docker APIs public can leak critical assets, here I’ll be emphasizing on how shodan led me to dozens of “misconfigured” docker registries and how I penetrated one of them.

Refining Shodan Search

I tried a couple of search filters to find out publicly exposed docker registry on shodan -

1. port:5001 200 OK
2. port:5000 docker 200…

Never leave your docker host publicly exposed!

For the last couple of months, I have been exploring various concepts of container security both from the perspective of attacking a container and defending the same. Containers have already taken a big space in the market. According to Docker, over 3.5 million applications have been placed in containers using Docker technology and over 37 billion containerized applications have been downloaded. One of the biggest advantages it brings is Modernizing Traditional Apps whether its a monolithic architecture or microservices. Moving to the containerized application brings its own security risk. I will be discussing in detail the various attack and defense strategies of Docker Container Security in the next blog. …

This blog is posted with the intention of a wake up call for the government to improve and strengthen its commitment towards responsible data practices and helps to highlight the below par security standards in the IT industry and bring to the attention, the importance of security and spread awareness among companies and government to take information security as importantly as any other branch. This blog is published informing both CERT-In and NCIIPC team multiple times.

During my journey to spread security awareness among Indian tech companies including private and government sectors and also in the wake of a recent hack that happened in Singapore where 1.5 million patients' records were leaked, I happened to find a serious security flaw in ORS Patient Portal which could have allowed anyone to access any patient details which included his/her full name, complete address, age, mobile number, appointments, UHID, partial Aadhar number, and disease (in some cases) too. …

Cloudflare is one of the most popular DNS and CDN service provider currently used by over 16 million internet sites. Every day, these sites utilize Cloudflare’s services for performance enhancement, DDoS mitigation, and more.

We do too.

So when Cloudflare suffered multiple outages, it affected websites around the globe. And Grofers was no exception.

The first outage happened on 24th June when Cloudflare proxy went down. The second outage happened on 2nd July, and this time the WAF was down for about half an hour. As a result, websites around the globe suffered outages with 502 Bad Gateway error message.

This downtime was good learning for…

Google’s email service is used by upwards of 1.5 billion people. The Google Calendar app, meanwhile, has been downloaded more than a billion times from the Play Store. Security researchers warned that threat actors are exploiting the popularity of both in order to target users with a credential-stealing attack — As published on forbes.com

Recently I came across an article which talked about how users of the Gmail service — Google Calendar are being targeted through the use of malicious and unsolicited Google Calendar notifications by automatic addition of invitation into a user’s calendar. This risk clearly talks about how misconfigured settings in google services by its users/clients can be exploited. …