15 Nov 2018

WAF and IPS. Does your environment need both?

I have been in a fair amount of discussions with management on the need for a WAF and an IPS; they often confuse the two and their basic purpose. It is usually discussed after a pentest or vulnerability assessment: if I can’t fix this vulnerability, shall I just put an IPS or WAF in front to protect the […]

08 Nov 2018

Don’t be a security snob. Support your business team!

There have been many times that access controls have been discussed in meetings related to web development. In an interconnected world of APIs it is very important to understand the authentication of these end-points. One of the best approaches I always vouch for is mutual authentication on SSL certificates (or 2-way SSL). […]

01 Nov 2018

An Interview by Timecamp on Data Protection

A few months back I was featured in an interview on Data Protection Tips with Timecamp. Only a handful of questions, but they are well articulated for any organisation which is proactive & wants to address security in corporations, and their employees’ & customers’ responsibilities. — How do you evaluate people’s awareness regarding the need […]

25 Oct 2018

Exclusive Interview with SPYSE team on free security tools and new projects

I don’t think many of you have heard of SPYSE before (I hadn’t before this interview), but let me tell you – they are amazing people, great developers, and believe me when I say they are contributing greatly to the information security community with their amazing tools and projects. I got interested and frankly heard about […]


DevSecOps is coming! Don’t be afraid of change.

There has been a lot of buzz about the relationship between Security and DevOps, as if we are debating their happy companionship. To me they are soulmates, and DevSecOps is a workable, scalable, and quantifiable fact, unlike the big button, if applied wisely. What is DevOps? The development cycle has undergone considerable changes in the last […]


Prepare well before you take off!

I have been working in the Information Security domain long enough to understand what it is about, and where most of the candidates I interview fumble. So, if you have a technical skill-set, out-of-the-box thinking and the passion to work, you have an excellent chance of being hired. This article will help you to avoid common mistakes […]


You’re in the interview room. Now what?

In my last blog post on Interview Tips, Prepare well before you take off, I reckon the facts you need to be sure of before you reach the door of your next firm, or pick up the call that will decide your next lap. Now, this blog post will focus on things to do during the […]


Ten things you may reveal during job interview (Response to Forbes Article)

In continuation of my recent articles on preparation for the interview, and a few pointers to help you perform better during the interview, I stumbled on an article at Forbes – Ten Things Never, Ever to Reveal in a Job Interview by Liz Ryan. I agree with some of the pointers she voiced, but a few might hurt […]


Restrict Certificate Authorities (CA) to issue SSL certs. Enable CAA record in DNS

It’s been a long time since I audited someone’s DNS zone file, but recently while checking a client’s DNS configuration I was surprised that the CAA records were set randomly, “so to speak”. I discussed this with the administrator and was surprised to see that he had no clue about CAA, how it works and why it is […]


Implement “security.txt” to advocate responsible vuln. disclosures

After discussing the CAA record in DNS to whitelist your certificate authorities in my previous article, do you know it’s only a matter of time before someone finds an issue with your web presence, website or any front-facing application? If they do, what do you expect them to do? Keep it under wraps, or disclose it to […]
