Security Brigade Blog

Opinions on Penetration Testing, Web-Application Security, Network Security, Mobile Security & Everything In Between

Security Audit of IBM AS/400 and System i : Part 1

By | July 25, 2018

In this blog post, we describe our experience of conducting a security audit of IBM AS/400 and System i. The AS/400, also known as the IBM iSeries or the "green screen" system, was initially designed for small businesses. Driven by industry need and the reliable performance of these […]

Weekly Cyber Security News: 17th July 2018

By | July 17, 2018

This is the weekly news update for the 17th of July 2018. This post is part of the weekly news series on cyber security, with content curated by the hackers and experts at Security Brigade.

India Among Top Three Countries Most Targeted for Phishing

Phishing and malware-based attacks are the most prolific online fraud tactics developed […]

Weekly Cyber Security News: 2nd July 2018

By | July 2, 2018

This is the weekly news update for the 2nd of July 2018. This post is part of the weekly news series on cyber security, with content curated by the hackers and experts at Security Brigade.

Indian Banks Forced to Migrate ATM Machines from Windows XP

RBI released a new circular making it mandatory for Indian banks […]

KRACK Attack: Breaking WPA2

By | October 17, 2017

The KRACK attack affects most wireless networks and clients across the world. Wireless networks play a crucial role in the digital world, and most internet users use Wi-Fi networks on a daily basis. Encryption on wireless networks has become the benchmark, and over the years we have had many encryption algorithms for Wi-Fi communication – first […]

5 Steps to Avoid Phishing Scams in E-mail

By | December 25, 2012

Anyone with an e-mail account has at some point received phishing or scam e-mails. These range from Nigerian princes to local banks requesting funds, assistance and so on. Some of these e-mails may be legitimate (sans the Nigerian prince); however, most are instances of a common technique known as phishing. Phishing scams are […]

How to Fix Unvalidated Redirects and Forwards

By | May 2, 2012

An unvalidated redirect allows an attacker to exploit the trust a user has in a particular domain by using it as a stepping stone to another arbitrary, likely malicious site. An unvalidated forward allows an attacker’s request to be forwarded past security checks, allowing unauthorized function or data access. How do I Fix Unvalidated Redirects […]
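A redirect validator of the kind the fix calls for, added here as an example and not code from the original post. The allowed host list and the default landing page are assumptions. Only site-relative paths and absolute URLs whose host exactly matches the allow-list are honoured; protocol-relative URLs (`//evil.com`), backslash tricks, look-alike subdomains, credentials-in-URL tricks and non-HTTP schemes all fall back to a fixed page:

```python
from urllib.parse import urlsplit

# Assumptions for this example: the hosts this application may redirect to,
# and the page to use whenever the requested target is not acceptable.
ALLOWED_HOSTS = {"www.example.com", "accounts.example.com"}
DEFAULT_LANDING = "/home"


def safe_redirect_target(next_url: str) -> str:
    """Return a redirect target that stays on an allowed host, else the default."""
    if not next_url:
        return DEFAULT_LANDING

    # Control characters and backslashes are rejected outright: some browsers
    # treat "\" as "/", so "/\evil.com" would become a protocol-relative URL.
    if any(ord(c) < 0x20 for c in next_url) or "\\" in next_url:
        return DEFAULT_LANDING

    parts = urlsplit(next_url)

    # No scheme and no authority: a path on this site. It must start with a
    # single "/", because "//host/path" is protocol-relative and leaves the site.
    if not parts.scheme and not parts.netloc:
        if next_url.startswith("/") and not next_url.startswith("//"):
            return next_url
        return DEFAULT_LANDING

    # Anything with a scheme or authority must be http(s) and point at an
    # allow-listed host. urlsplit().hostname strips userinfo and port and
    # lower-cases the host, so "https://www.example.com@evil.com" yields "evil.com".
    if parts.scheme not in ("http", "https"):
        return DEFAULT_LANDING
    if (parts.hostname or "") in ALLOWED_HOSTS:
        return next_url
    return DEFAULT_LANDING
```

The exact-match test against a set is deliberate: a `startswith("www.example.com")` check would accept `www.example.com.evil.com`, and a substring check would accept `https://evil.com/?x=www.example.com`.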

How to Fix Insecure Cryptographic Storage

By | May 1, 2012

Hashing is the first step towards secure cryptographic storage of data before it is written to the database. Passwords should never be stored in plaintext or in a reversible form; store a salted hash instead, so that in the event of a database compromise the passwords themselves are still protected. Data that the application must read back, such as credit card numbers, cannot be hashed and must instead be encrypted with a properly managed key. To make the hashing stronger […]
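The password side of this, added here as an example rather than the post's own code. It contrasts the unsalted fast hash the post warns against with a salted, iterated PBKDF2-HMAC-SHA256 hash verified in constant time. The algorithm choice, the 16-byte salt, the iteration count and the `algo$iterations$salt$digest` storage format are assumptions; reversible card data is out of scope because it needs encryption, not hashing:

```python
import hashlib
import hmac
import os

# Assumptions for this example: PBKDF2-HMAC-SHA256, a random 16-byte salt per
# password, and an iteration count tuned so that one hash costs real time.
PBKDF2_ITERATIONS = 600_000
SALT_BYTES = 16


def weak_hash(password: str) -> str:
    """What the post warns against: an unsalted, fast hash. Equal passwords give
    equal hashes, so a leaked table falls to precomputed (rainbow) tables."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def hash_password(password: str, salt: bytes = b"") -> str:
    """Salted, iterated hash. The result is self-describing so the iteration
    count can be raised later without breaking records already stored."""
    salt = salt or os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS
    )
    return "$".join(["pbkdf2_sha256", str(PBKDF2_ITERATIONS), salt.hex(), digest.hex()])


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and iteration count, then compare in
    constant time so a timing side channel cannot leak the digest byte by byte."""
    try:
        algo, iterations, salt_hex, digest_hex = stored.split("$")
    except ValueError:
        return False
    if algo != "pbkdf2_sha256":
        return False
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), bytes.fromhex(salt_hex), int(iterations)
    )
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))
```

Two users with the same password get different stored values because each gets its own salt, which is exactly what defeats a precomputed table; the iteration count is what slows a brute-force attempt on a leaked table.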

How to Fix Cross-site Request Forgery Vulnerability(CSRF)

By | May 1, 2012

Cross-Site Request Forgery (CSRF) is an attack that allows an attacker to perform an action on the vulnerable site on behalf of the victim. The attack is possible when the vulnerable site does not properly validate the origin of the request. The attack is performed by forcing the victim's browser to issue an HTTP request […]
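The standard fix, added here as an example and not the post's own code: a per-session synchronizer token that every state-changing request must echo back, backed by an Origin header check. Requests and sessions are plain dictionaries standing in for a web framework; the allowed origin, the `transfer_funds` action and the form field names are assumptions:

```python
import hmac
import secrets

# Assumptions for this example: the site's own origin and the HTTP methods
# that are never allowed to change state.
ALLOWED_ORIGINS = {"https://www.example.com"}
SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}


def issue_csrf_token(session: dict) -> str:
    """Create an unguessable token, keep it server-side, and return it so the
    page can embed it in its forms. A forged page on another origin cannot
    read it, so it cannot include it in the request it forces the browser to send."""
    token = secrets.token_urlsafe(32)
    session["csrf_token"] = token
    return token


def is_csrf_safe(request: dict, session: dict) -> bool:
    """A state-changing request passes only if it carries the session's token
    and, when the browser supplied an Origin header, that origin is ours."""
    if request["method"] in SAFE_METHODS:
        return True
    expected = session.get("csrf_token")
    submitted = request.get("form", {}).get("csrf_token")
    if not expected or not submitted:
        return False
    if not hmac.compare_digest(expected, submitted):
        return False
    origin = request.get("headers", {}).get("Origin")
    if origin is not None and origin not in ALLOWED_ORIGINS:
        return False
    return True


def transfer_funds(request: dict, session: dict, balances: dict) -> bool:
    """The protected action (constructed for the example). Money moves only
    when the CSRF check passes; the return value reports what happened."""
    if not is_csrf_safe(request, session):
        return False
    form = request["form"]
    amount = int(form["amount"])
    balances[session["user"]] -= amount
    balances[form["to"]] = balances.get(form["to"], 0) + amount
    return True
```

The token check is what defeats the classic attack (a hidden auto-submitting form on the attacker's page, which the browser sends with the victim's cookies but without the token). The Origin check is the second line: it stops a request from a foreign page even if the token has leaked.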

How to Fix Insecure Direct Object Reference Vulnerability

By | May 1, 2012

Applications often reference an object, such as a file, in order to generate a web page. A simple example is when a user requests his mobile bill and the application fetches it from the server and displays it on his screen. Applications do not always verify that the user is authorized for the target object. This results in an insecure direct object reference […]
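The mobile-bill case above, worked through as an added example rather than the post's own code. The vulnerable lookup trusts whatever id arrives in the request; the fixed lookup releases the record only to its owner, and a second fix replaces database ids with random per-session handles so the id is never exposed at all. The bill table, user names and handle format are constructed for the example:

```python
import secrets

# Constructed sample data: bill id -> record. The id is what a naive URL such as
# /bill?id=1002 would expose directly to the client.
BILLS = {
    1001: {"owner": "alice", "amount": 42.10},
    1002: {"owner": "bob", "amount": 17.85},
}


class NotFound(Exception):
    pass


def get_bill_insecure(bill_id: int, current_user: str) -> dict:
    """Vulnerable: returns whatever id the client asked for; owner never checked."""
    return BILLS[bill_id]


def get_bill(bill_id: int, current_user: str) -> dict:
    """Fixed: the object is released only if it belongs to the requesting user.
    "Does not exist" and "not yours" get the same response, so an attacker
    cannot enumerate which ids are valid."""
    bill = BILLS.get(bill_id)
    if bill is None or bill["owner"] != current_user:
        raise NotFound("bill not found")
    return bill


def make_reference_map(session: dict) -> dict:
    """Alternative fix: hand the client random per-session handles instead of
    ids. Only the user's own bills get a handle, so there is nothing to tamper with."""
    refs = {}
    for bill_id, bill in BILLS.items():
        if bill["owner"] == session["user"]:
            refs[secrets.token_urlsafe(16)] = bill_id
    session["bill_refs"] = refs
    return refs


def get_bill_by_reference(ref: str, session: dict) -> dict:
    """Resolve a handle through the session's own map; unknown handles are refused."""
    bill_id = session.get("bill_refs", {}).get(ref)
    if bill_id is None:
        raise NotFound("bill not found")
    return BILLS[bill_id]
```

The ownership check belongs in the data access layer, not only in the link that the page happens to render; hiding the link does nothing once an attacker edits the id in the URL.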

How to Fix Cross-site Scripting Vulnerabilities

By | May 1, 2012

Websites often accept user input for the application to display on the screen. If the application is not careful enough in its treatment of user (attacker) input, an attacker can inject malicious data which, when displayed on the screen, executes HTML or JavaScript code in the user's browser. This vulnerability […]
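Contextual output encoding, the fix the post is leading to, shown as an added example rather than the post's own code. The insecure renderer pastes input straight into the page; the fixed renderers encode for the context the value lands in: HTML body, a quoted attribute, and a JavaScript literal inside a script block. The greeting, search box and config snippet are constructed for the example:

```python
import html
import json


def render_greeting_insecure(name: str) -> str:
    """Vulnerable: attacker-controlled text becomes markup."""
    return f"<p>Hello, {name}!</p>"


def render_greeting(name: str) -> str:
    """HTML body context: encode & < > " ' so the text is displayed, not parsed."""
    return f"<p>Hello, {html.escape(name, quote=True)}!</p>"


def render_search_box(query: str) -> str:
    """Attribute context: the attribute must be quoted AND quotes in the value
    must be encoded, otherwise '" onfocus="...' closes the value and adds a handler."""
    return f'<input type="text" name="q" value="{html.escape(query, quote=True)}">'


def render_js_config(user_data: dict) -> str:
    """JavaScript context: serialise as JSON, then encode < > & as \\uXXXX so a
    value containing </script> cannot terminate the script block early.
    HTML escaping would be wrong here; the browser does not decode entities
    inside <script>."""
    payload = json.dumps(user_data)
    payload = payload.replace("<", "\\u003c").replace(">", "\\u003e").replace("&", "\\u0026")
    return f"<script>var config = {payload};</script>"
```

The rule the three functions share: pick the encoder by where the data is going, not by what the data looks like. Blacklisting `<script>` on input is what the insecure variant invites attackers to bypass.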