877.791.9571 |

About the Author:

Lohit is a Security Professional currently working as a Security Analyst with Oracle. He has experience in working with RFPs/RFIs; Security HLD and LLD design; Network Security elements like Firewall, IDS/IPS, DLP, Reverse proxy, WAF; in Public Key Infrastructure(PKI); in Application Security testing for OWASP Top 10; in Compliance's like PCI-DSS 2.0,3.0 , ISO 27k1, HIPPA; with Cloud Service Provider's such as AWS; in Security Incident and Event Management(SIEM) with tools like Splunk; in Vulnerability Testing. He holds certifications like Comptia Security+, IBM cloud security solution advisor. Earlier he was working with Infosys.

SIEM Use Cases for PCI DSS 3.0 – Part 3

Welcome to the Part 3 of the series “SIEM Use Cases for PCI DSS 3.0″. We have covered some very good use cases in Part 1 and Part 2. […]


SIEM Use Cases for PCI DSS 3.0 – Part 2

So as promised, I have come up with some more use cases for PCI DSS 3.0 requirements. I will try to cover as many requirements and use cases as […]


SIEM use cases for PCI DSS 3.0 – Part 1

After I got an outstanding response to my previous article on SIEM use cases, I have now prepared a series of articles for some SIEM use cases. In this […]


Fast Flux Networks Working and Detection, Part 2

With the assumption that readers have read Part 1 of this topic, this article will contain the other part of this article, i.e. what benefits an attacker gets from […]


Fast Flux Networks Working and Detection, Part 1

In this series of articles, we will learn about a not-so-new type of attack, but one of the most difficult attacks to control. Yes, we will lean about the […]


WebSocket Security Issues

In this article, we will dive into the concept of WebSocket introduced in HTML 5, security issues around the WebSocket model, and the best practices that should be adopted […]


Checklist for Next Gen Firewalls

Due to the ever-changing threat landscape, a few security products such as firewalls, IDS/IPS, etc. are becoming obsolete because of the older technologies being employed within them. In this […]


NAT-PMP Vulnerability

In this article we will learn about the latest NAT-PMP vulnerability being discovered, which will affect around 1.2 billion SOHO routers worldwide.
What is a SOHO network?
SOHO stands for small […]


End of SSL with POODLE

In this article we will learn about the how SSL has reaches its end with various vulnerabilities. This article will also cover the recent vulnerability discovered by Google researchers […]


Teredo Tunneling

In this article we will learn about a transition technology in networking known as Teredo tunneling. There are various transition technologies already in place such as 6to4, but because […]


Microsoft DirectAccess

In this article we will learn about a very famous security product of Microsoft known as Microsoft Direct Access. It is a product built over an old security concept […]


Windows Resource Protection

In this article, we will learn about a not-so-well known but a very useful security feature in Windows: Windows Resource Protection. This feature can help a great deal in […]


SAML, OAuth, OpenID


In this article, we are going to see what are federation, single sign-on, and three federated identity standards, namely Security Assertion and Markup Language (SAML), OpenID and OAuth. We […]


Cold Boot Attack

In this article, we will learn how sensitive cryptographic key material can be taken away from DRAMs, which are used in most modern operating systems through an attack known […]


Want to Limit PCI DSS Scope? Use Tokenization

Every organization should follow a proactive rather than a reactive approach to protect against threats, risks and vulnerabilities, to which if their IT infrastructure is exposed can lead to […]


Microsoft NAP (Network Access Protection)

In this article we will learn about one of the most important features introduced by Microsoft from the perspective of network access protection (NAP). We will also cover all […]


Amazon S3 Encryption

Cloud computing has really changed how organizations operate and store their data. Cloud computing attracts big organizations with tags such as huge savings on cap-ex, op-ex, on-demand, and availability. […]


File Integrity Monitoring (FIM) and PCI-DSS

In this article, we will learn about the requirement of file integrity monitoring in PCI-DSS (Payment Card Industry Data Security Standard). If we talk about PCI-DSS, FIM is the […]


Data Loss Prevention (DLP) Strategy Guide

In this article, we’ll learn about the concept of data loss prevention: why it is needed, what are the different types of DLP and its modes of operations, what […]


Public Key Infrastructure (PKI) in the Cloud

As the adoption of various forms of cloud models (i.e. public, private, and hybrid) in various industry verticals are increasing, the cloud buzzword is on a new high. However, […]