About the Author:

arD3n7 works for a leading IT company and is deeply passionate about information security. As a researcher, arD3n7 loves anything and everything related to penetration testing.
GDS Burp API – Part I

Introduction
In my previous article, I discussed the importance of Python and how we can utilize it to fill the gaps created by commercial scanners, thus improving the quality of […]

Python for Web application security professionals

Introduction:
Python is an open source, interactive, object oriented programming language. It’s very easy to learn and an extremely powerful high level language. It runs on Windows, Linux, UNIX, Mac […]

Vulnerability Assessment of SNMP Service – Part 4

Background:

This is the fourth article on vulnerability assessment of SNMP service. So far we’ve covered the basics, discovery, and data extraction using various tools from the SNMP Management Information […]

Vulnerability Assessment of SNMP Service – III

Background:

This is the third article of this series of articles on vulnerability assessment of SNMP Service. In the previous two articles, we have covered how to set up SNMP […]

Vulnerability Assessment of SNMP Service – II

Background:

This is our second article in a series on vulnerability assessment of SNMP Service. In the previous article, we learned how we could set up an SNMP Service on […]

Vulnerability Assessment of SNMP Service – I

Background:

This is the first article out of a series of articles that I am planning to write on vulnerability assessment of SNMP Service. SNMP – also known as Simple […]

Running Metasploitable2 on VirtualBox

Background:

Metasploitable is a Linux-based vulnerable virtual machine. It is designed especially for people interested in learning system exploitation. Rapid7 maintains Metasploitable and this virtual machine is downloadable from their […]

Embedding Security in Procurement Process & Vendor Contracts – Part 2

Background:

In the previous article, we’ve covered how to implement security in procurement process and vendor contracts. There are 3 different aspects to managing vendors:

Product procurement
Product support
Services

We have covered Product […]

Embedding Security in Procurement Process and Vendor Contracts

Background:

Every organization has a procurement process. Some of the software products acquired by an organization are COTS (Commercial off The Shelf) Solutions. These products are not built or developed […]

An Introduction to Data Masking

Background:

Dealing with Production Data is a challenge, but most organizations around the world have safeguards in place which secure the production environment properly. However, when it comes to non-production environments like […]

Building Security in Requirements

Background:

Every software application or product is developed based on business expectations. If we want to build a secure product or application, it is inevitable that we ensure that THE […]

Exception Management

Background:

An organization is a complex structure. We can set up frameworks, lay out processes and chart our policies and procedures to be followed; however, in practice it is impossible […]

Introduction to Application Risk Rating & Assessment

Background:

Understanding today’s threat landscape and looking at the pace with which organizations are adopting secure development practices, there seems to be a huge gap and it will take a […]

Implementing Secure SDLC – Part 4

Background

So far we have covered all the necessary information regarding what is Secure SDLC and strategically how to go about implementing it. Detailed information regarding business functions & security […]

Implementing Secure Software Development Program – Part 3

Background:

In the previous parts we covered the approach for implementing Secure SDLC (S-SDLC) and Gap Analysis. In this part we are going to cover Road Map Design and Implementation.

Intended […]

Implementing Secure Software Development Program – Part 2

Background

This is the third article on Secure SDLC (S-SDLC) and the second on the implementation of Secure SDLC. So far we have covered an Introduction of S-SDLC and Overview […]

Implementing Secure Software Development Program

Background:

This article follows my earlier one: “Secure Software Development Life Cycle” (from now on referenced as S-SDLC), being one Implementation of the S-SDLC program. I have covered the basics […]

Introduction to Secure Software Development Life Cycle

Objective:

The objective of this article is to introduce the user to Secure Software Development Life Cycle (from now on referred to as S-SDLC). There are multiple reasons why […]

Introduction to Blackberry Balance Technology

Blackberry is known for its email and security rather than as a company that produces fancy mobile phones. This is one of the reasons why Blackberry is preferred as a […]

Security Assessment of Blackberry Applications:

Development of mobile applications has picked up really fast in the last couple of years. Much has been written about the security assessment of iOS & Android applications, however […]