877.791.9571 |

About the Author:

Lohit is a Security Professional currently working as a Security Analyst with Oracle. He has experience in working with RFPs/RFIs; Security HLD and LLD design; Network Security elements like Firewall, IDS/IPS, DLP, Reverse proxy, WAF; in Public Key Infrastructure(PKI); in Application Security testing for OWASP Top 10; in Compliance's like PCI-DSS 2.0,3.0 , ISO 27k1, HIPPA; with Cloud Service Provider's such as AWS; in Security Incident and Event Management(SIEM) with tools like Splunk; in Vulnerability Testing. He holds certifications like Comptia Security+, IBM cloud security solution advisor. Earlier he was working with Infosys.
POODLEattack10202014

End of SSL with POODLE

In this article we will learn about the how SSL has reaches its end with various vulnerabilities. This article will also cover the recent vulnerability discovered by Google researchers […]

tunnel10162014

Teredo Tunneling

Introduction
In this article we will learn about a transition technology in networking known as Teredo tunneling. There are various transition technologies already in place such as 6to4, but because […]

microsoft_direct_access10102014

Microsoft DirectAccess

In this article we will learn about a very famous security product of Microsoft known as Microsoft Direct Access. It is a product built over an old security concept […]

windowsBootProcess-04042013

Windows Resource Protection

In this article, we will learn about a not-so-well known but a very useful security feature in Windows: Windows Resource Protection. This feature can help a great deal in […]

FIDstand09302014

SAML, OAuth, OpenID

Introduction

In this article, we are going to see what are federation, single sign-on, and three federated identity standards, namely Security Assertion and Markup Language (SAML), OpenID and OAuth. We […]

ColdBootAttack09152014

Cold Boot Attack

In this article, we will learn how sensitive cryptographic key material can be taken away from DRAMs, which are used in most modern operating systems through an attack known […]

Tokenization09112014

Want to Limit PCI DSS Scope? Use Tokenization

Every organization should follow a proactive rather than a reactive approach to protect against threats, risks and vulnerabilities, to which if their IT infrastructure is exposed can lead to […]

MSNAP08192014

Microsoft NAP (Network Access Protection)

In this article we will learn about one of the most important features introduced by Microsoft from the perspective of network access protection (NAP). We will also cover all […]

Encryption

Amazon S3 Encryption

Introduction
Cloud computing has really changed how organizations operate and store their data. Cloud computing attracts big organizations with tags such as huge savings on cap-ex, op-ex, on-demand, and availability. […]

FileInteg07182014

File Integrity Monitoring (FIM) and PCI-DSS

In this article, we will learn about the requirement of file integrity monitoring in PCI-DSS (Payment Card Industry Data Security Standard). If we talk about PCI-DSS, FIM is the […]

Data_Loss_prevention07092014

Data Loss Prevention (DLP) Strategy Guide

In this article, we’ll learn about the concept of data loss prevention: why it is needed, what are the different types of DLP and its modes of operations, what […]

PKI-In-Cloud06302014

Public Key Infrastructure (PKI) in the Cloud

As the adoption of various forms of cloud models (i.e. public, private, and hybrid) in various industry verticals are increasing, the cloud buzzword is on a new high. However, […]

NetworkTimeProtocol06242014

Network Time Protocol (NTP): Threats and Countermeasures

In this article I am going to illustrate how NTP is vulnerable to attacks like replay-delay attacks, MITM, and a very recent attack termed as NTP DdoS (which is […]

pci_logo06122014

PCI-DSS 3.0 – Key Drivers

Every organization should follow a proactive rather than a reactive approach to protect against threats, risks, and vulnerabilities to which if their IT infrastructure is exposed can lead to […]

SEIM-05152014

Top 6 SIEM Use Cases

With rising trends and forms of attacks, most organizations today deploy a Security Incident and Event Management (SIEM) solution as a proactive measure for threat management, to get a […]