Category Archive Beginner

By Bala Manikandan

Anonymous Inner Classes and Lambda Expressions in Java

Reading Time: 6 minutes

Before beginning this post, I would like to state that this post assumes some prior knowledge of Java (particularly inheritance, using interfaces and overriding methods)

Most classes we have seen have their own name and exist on their own (outside any other class or method). But anonymous inner classes can exist inside another class/method, and do not have a name (hence the name ‘anonymous’). These classes must either extend another (named) class or implement an interface. When the interface being implemented has only one abstract method, the anonymous inner class can be converted into a special expression called a lambda expression (as of Java 8), which simplifies the code. This post talks about anonymous inner classes and lambda expressions in detail.

Anonymous Inner Classes

As mentioned above, anonymous inner classes do not have a name, can exist within another class/method, and must extend another class or implement an interface.

Let us see the various examples that can be used to work with anonymous inner classes:

  1. The following example uses an anonymous inner class to extend another class and create an object of it on the spot. Observe the syntax carefully:

//Using anonymous inner classes to override methods of an existing class
package codingexamples;

class Sample{
    public void display(){
        System.out.println("Sample");
    }
}

public class Example1 {
    public static void main(String[] args){
        Sample s1 = new Sample();

        Sample s2 = new Sample() {                //line 1
            public void display(){
                System.out.println("Sample 2");
            }
        };                            //this semicolon is very important

        useSample(s1);
        useSample(s2);
    }

    static void useSample(Sample s){
        s.display();
    }
}

The output of the above code is:

Sample

Sample 2

Observe the section of code beginning with the line marked ‘line 1’ (Sample s2 = new Sample() {) carefully. Note that the first line of code in this region ends in a curly brace, not a semicolon. This line declares a reference variable of type Sample, and initializes it with an object whose type is not Sample, but an anonymous subclass of Sample. The curly brace at the end of the line is the start of the anonymous inner class body.

The next three lines of code, as we can see, override the display() method of the class Sample. This is, of course, the reason for creating anonymous inner classes. The last line of this section requires some attention. The closing curly brace marks the end of the class, but that’s not all – there is also a semicolon to end the statement started on line 1! As it is unusual to see semicolons after closing braces, this is very easy to miss.

On the whole, the code creates two Sample references, one holding a Sample object, and another holding an object of an anonymous subclass of Sample (which overrides display()). These variables are then passed to the useSample() method which calls their respective display() methods. This leads to the output mentioned above.

 

2. In the second example, an anonymous inner class implements an interface:

//Using anonymous inner classes to implement methods of an interface
package codingexamples;

interface Movable{
    void move();
}

public class Example2 {
    public static void main(String[] args){
        Movable m1 = new Movable(){
            public void move(){
                System.out.println("m1 is moving");
            }
        };

        useMovable(m1);
    }

    static void useMovable(Movable m){
        m.move();
    }
}

 

The output of the above code is, as expected:

m1 is moving

This code is very similar to the first example. Note that even though the syntax used is ‘new Movable()’, the code is not instantiating the interface (it’s not legal to do so). The variable m1 refers to an anonymous implementer of Movable.

3. Anonymous inner classes can extend/implement classes/interfaces having more than one method as well. They can also be used as method arguments (watch the syntax again). The following example illustrates these two points:

//Another example of an anonymous implementer of an interface
package codingexamples;

interface Bounceable{
    void bounce();
    void jump();
}

public class Example3 {
    public static void main(String[] args){
        /* Create an anonymous implementer of Bounceable in the argument list of useBounceable() */
        useBounceable(new Bounceable(){
            public void bounce(){
                System.out.println("Anonymous object bouncing");
            }
            public void jump(){
                System.out.println("Anonymous object jumping");
            }
        });
    }

    static void useBounceable(Bounceable b){
        b.bounce();
        b.jump();
    }
}

 

The output of the above code is:

Anonymous object bouncing

Anonymous object jumping

Observe how the object of the anonymous inner class is created right inside the argument. Also note that in this case, the statement ends with a closing curly brace, a closing parenthesis and then a semicolon.

Lambda Expressions

Now we will move onto Lambda expressions. Consider the following scenario. You have a class Student, which stores some details of a student such as name, marks etc. You also have an interface Check, as shown below:

interface Check{
    boolean test(Student s);
}

This is meant to create multiple custom ‘checks’ on the attributes of each student (for example, ‘name’ starts with ‘A’, ‘marks’ >= 95 and so on). For each such test condition, prior to Java 8, it would be necessary to define a class that implements the interface. Of course, it would be inconvenient to define multiple such implementers with names such as ‘CheckName’, ‘CheckMarks’ etc. (as one can see, it is repetitive). Another approach is to use anonymous inner classes as implementers of interface Check (already discussed above), which removes the problem of repetitive names. However, each anonymous implementer, as we have seen already, spans at least five lines of code.

Java 8 allows you to create ‘instances’ of functional interface ‘implementers’ through the use of lambda expressions (a functional interface is one that contains exactly one abstract method). These can, in certain cases, replace anonymous inner classes and simplify the code. The following example defines the class Student, interface Check and makes use of the interface through lambdas:

//Demonstrate the use of lambda expressions
package codingexamples;

class Student{
    private int marks;
    private int grade;
    private String name;

    public Student(String n, int m, int g){
        name = n;
        marks = m;
        grade = g;
    }

    public String getName(){
        return name;
    }

    public int getMarks(){
        return marks;
    }

    public int getGrade(){
        return grade;
    }
}

//Check is a functional interface (one abstract method)
interface Check{
    boolean test(Student s);
}

public class Example4 {
    public static void main(String[] args){
        Student[] students = {
            new Student("John", 90, 7),
            new Student("Roger", 70, 9),
            new Student("Fred", 88, 6),
            new Student("Robert", 60, 8)
        };

        //Lambda expressions
        Check seniorsChk = s -> s.getGrade() >= 9;
        Check toppersChk = s -> s.getMarks() >= 85;

        System.out.println("Senior students:");
        filterStudents(students, seniorsChk);
        System.out.println();
        System.out.println("Toppers:");
        filterStudents(students, toppersChk);
    }

    static void filterStudents(Student[] stu, Check chk){
        for(Student s: stu){
            if(chk.test(s))
                System.out.println(s.getName());
        }
    }
}

The output of the above code is:

Senior students:

Roger

Toppers:

John

Fred

Before going into the working of this code, let us observe the syntax of the lambda expression. The general syntax of a lambda expression is:

<Parameter(s)> <Arrow> <Lambda Body (must be an expression which evaluates to the abstract method’s return type)>

To understand better, keep in mind that the following expression:

s -> s.getGrade() >= 9

Is equivalent to (in this case):

new Check(){
    public boolean test(Student s){
        return s.getGrade() >= 9;
    }
}

Thus a lambda expression essentially behaves like an anonymous inner class, with fewer lines of code. Now we can understand that the code basically creates two ‘test conditions’ on Student objects using lambdas, and then filters a list (array) of Student objects using these ‘test conditions’ (implementers of interface Check). Walk through the lines of code to understand better. Here, Roger is considered a senior as he is in grade 9 or higher, and John and Fred are considered toppers as each of them has scored 85 marks or more.
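As an added example (not code from the original post), the senior check from Example 4 is written once as an anonymous inner class and twice as a lambda, and Check is given default methods and/or/negate so that conditions can be combined while Check remains a functional interface. The class name Example6 and the helper filterNames are assumptions; compile the file on its own, since it redefines Student and Check.

```java
// Added example: anonymous inner class vs. lambda for the same Check, and
// combining Checks with default methods. Compile separately from Example 4.
import java.util.ArrayList;
import java.util.List;

// Student as in Example 4, repeated so this file compiles stand-alone
class Student {
    private final String name;
    private final int marks;
    private final int grade;

    public Student(String n, int m, int g) {
        name = n;
        marks = m;
        grade = g;
    }

    public String getName() { return name; }
    public int getMarks() { return marks; }
    public int getGrade() { return grade; }
}

// Still a functional interface: default methods have bodies, so test() is the
// only abstract method and a lambda can still be assigned to a Check
interface Check {
    boolean test(Student s);

    // Each default method returns a new Check, itself written as a lambda;
    // inside the lambda, this refers to the Check the method was called on
    default Check and(Check other) {
        return s -> this.test(s) && other.test(s);
    }

    default Check or(Check other) {
        return s -> this.test(s) || other.test(s);
    }

    default Check negate() {
        return s -> !this.test(s);
    }
}

public class Example6 {
    // Returns the matching names instead of printing them, so the result can be reused
    static List<String> filterNames(Student[] stu, Check chk) {
        List<String> names = new ArrayList<>();
        for (Student s : stu) {
            if (chk.test(s)) {
                names.add(s.getName());
            }
        }
        return names;
    }

    public static void main(String[] args) {
        // Same constructed data as Example 4
        Student[] students = {
            new Student("John", 90, 7),
            new Student("Roger", 70, 9),
            new Student("Fred", 88, 6),
            new Student("Robert", 60, 8)
        };

        // The senior check written three ways; all three are Check implementers
        Check seniorsAnon = new Check() {           // anonymous inner class
            @Override
            public boolean test(Student s) {
                return s.getGrade() >= 9;
            }
        };
        Check seniorsLambda = s -> s.getGrade() >= 9;   // expression body
        Check seniorsBlock = (Student s) -> {           // block body with an explicit
            return s.getGrade() >= 9;                   // parameter type and a return
        };

        Check toppers = s -> s.getMarks() >= 85;

        // Combining checks: toppers who are not seniors, and anyone who is either
        Check juniorToppers = toppers.and(seniorsLambda.negate());
        Check seniorOrTopper = seniorsLambda.or(toppers);

        System.out.println("Seniors (anonymous class): " + filterNames(students, seniorsAnon));
        System.out.println("Seniors (lambda):          " + filterNames(students, seniorsLambda));
        System.out.println("Seniors (block lambda):    " + filterNames(students, seniorsBlock));
        System.out.println("Junior toppers:            " + filterNames(students, juniorToppers));
        System.out.println("Senior or topper:          " + filterNames(students, seniorOrTopper));
    }
}
```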

Before we end, let us rewrite the code in Example 2 using a lambda expression (interface Movable used in that example is also a functional interface). Old code is commented out:

//Example 2 rewritten using a lambda expression
package codingexamples;

//assuming interface Movable already exists
public class Example5 {
    public static void main(String[] args){
        /* Movable m1 = new Movable(){
            public void move(){
                System.out.println("m1 is moving");
            }
        };
        */
        Movable m1 = () -> System.out.println("m1 is moving");
        /* note that parentheses are needed when the method
           accepts zero arguments or more than one argument */
        useMovable(m1);
    }

    static void useMovable(Movable m){
        m.move();
    }
}

The output of the code remains the same as before. Note that examples 1 and 3 above cannot be rewritten using lambdas, as example 1 uses a class, and example 3 uses a non-functional interface (two abstract methods).

We have seen different types of anonymous inner classes and Lambda expressions in this post… stay tuned for more technical posts!

 

By Jayanthi

Offensive and defensive security

Reading Time: 2 minutes

Did you know that the words ‘offensive’ and ‘defensive’ can be used in the InfoSec domain as well? If you follow my writings on Information security – you might realize that the InfoSec domain itself feels different for one set of posts and different for another set of posts…The two distinct classifications are ‘offensive security’ and ‘defensive security’.

Which part of security interests you depends on you alone, but security is rarely an independent task, and it is likely a combination of both that you face at work every day. Having said that, let us move on to see what is meant by ‘defensive’ and ‘offensive’ security.

Defensive security:

Conventional security is mostly termed ‘defensive security’. ‘Defensive security’ deals with security mechanisms that defend the business/home environment, like firewalls, VPNs, anti-virus definitions and more. Just like other uses of the word ‘defensive’, ‘defensive security’ is more of a reactive approach. We install anti-virus software to keep out viruses and firewalls to block intrusion attempts, work with business continuity and disaster recovery experts, and draw up security plans to protect the organization, but we do not tear the system down to find the vulnerabilities in it. This is ‘defensive security’.

Offensive security:

‘Offensive security’, on the other hand, is the exact opposite of ‘defensive security’. It is like performing a root canal treatment on business and personal systems to unearth their various vulnerabilities so that they can be sealed effectively! Ethical hacking, pen testing, vulnerability assessments, digital forensics and advanced attacks all come under the umbrella of ‘offensive security’. Offensive security involves attacking and pen testing live systems. Offensive security mechanisms are much more intensive than defensive security tactics.


There are numerous offensive security certifications, but the OSCP (Offensive Security Certified Professional) and the very popular CEH (Certified Ethical Hacker, from EC-Council) stand out. If you think hacking is your thing, become a white hat hacker and earn these precious certifications. These certifications, however, are not for the faint of heart. They require more technical expertise and more hands-on experience. For example, the OSCP certification exam runs for a full 24 hours! (Yes, you read that right!)

OSCP certification:

  1. Candidates taking the grueling OSCP certification must first take the ‘Pen testing with Kali Linux’ online course before attempting the examination.
  2. The cost of the course and the exam is $800, which includes 30 days of lab access.
  3. “The OSCP examination consists of a virtual network containing targets of varying configurations and operating systems.”
  4. The candidate is expected to research the network, find vulnerabilities and execute attacks.
  5. Successful OSCP holders can conduct remote and client-side attacks, deploy tunneling attacks to bypass firewalls and more!

More information about OSCP certification can be found here

Which type of security are you more aligned to? Defensive or Offensive? Does it fascinate you? 

 

By Jayanthi

Careers in Information security

Reading Time: 3 minutes

The ‘Information security’ domain is growing by leaps and bounds today. While it was in a negligible state of growth even 5 years back, it has grown exponentially over the years. Schools have started introducing small bits of Information security concepts into the curriculum. Colleges in India and abroad have started introducing Information security specializations at the undergraduate and graduate level. So, what are the different career choices that are available for students who graduate with a degree in Information security and for professionals who move along their Infosec careers?

This is a list of career options that are available for professionals who are in the InfoSec field with the description of the various career choices:

  1. Security analyst

     Experience – At least 5 years of relevant experience

     Certifications – CISSP, CCSP, CEH, OSCP and other certifications are always preferred.

     Job description – The security analyst is expected to:

  • Monitor & optimize security monitoring and assessment solutions/tools to efficiently identify the most concerning security gaps.
  • Capture, prioritize and efficiently escalate to appropriate internal teams any security incidents identified from security tools or from correlation with other sources.

2. Network Security Engineer

Experience – 6 or more years of relevant functional experience in network architect role or equivalent

Job description –

  • Design, implementation and integration of networking equipment: routers, switches, firewalls, proxies and security appliances
  • Troubleshoot, resolve and find the root cause of network and security issues.
  • Prepare network documentation such as network diagrams, network designs with the rationale for the design, implementation plans and PowerPoint slides on proposals for new features to address network issues.

3. Information security analyst – Pen tester

     Experience – 3-5 years’ experience as a pen tester or Information security specialist with pen testing acumen.

     Certifications such as CISSP and CEH will always be preferred.

     Job description – The Information Security Analyst will be responsible for performing penetration tests on IT solutions created in house as well as commercial off-the-shelf ones. The analyst will be responsible for creating external security testing requirements, coordinating tests performed by contracted third parties and evaluating the reports.

4. IT auditor

     Desired skills – A degree in Computer Science with 6+ years of experience in IT and Operations auditing, risk management, IT compliance, Information Security, and IT program or project management.

     Certifications – CISSP, CISA (Certified Information Systems Auditor) and CISM (Certified Information Security Manager) are some of the preferred certifications to secure a job as an IT auditor.

     Job description – The role of an IT auditor involves developing, implementing, testing and evaluating audit review procedures. He/she will be responsible for conducting IT and IT-related audit projects using the established IT auditing standard in their organization. The audit process can extend to networks, software, programs, communication systems, security systems and any other services that rely on the company’s technological infrastructure.

5. NOC engineer

     Desired skills and experience – 3+ years’ experience with MS SQL, VMware, and IIS, including related technologies and standards such as DHCP, DNS, DFS, LDAP, IPSEC, CIFS, SMB, etc.

     Job description –

  • Periodically check application and system health to support NOC technicians.
  • Day-to-day administration of 1000+ Windows/Linux servers, including related applications.
  • Manage and support the local site VMware multi-cluster environment.

6. SIEM (Security Information and Event Management) Consultant

     Mandatory skills – SIEM

     Desired skills – Application Security Code Review – SAC-L1, Big Data-L1

     Desired work experience – 5-8 years

     Job description – The job requires the candidate to have in-depth knowledge of any one technological or industry practice / functional area and an overview of 2-3 other areas. The candidate should be able to handle solution definition/fitment for a small-sized project of medium complexity. The candidate should also be able to build a custom Function Module with medium-complexity program logic.

7. Network Security Administrator

     Desired skills – Experience in network configuration and administration including VLANs, ACLs, switches, routers, ISPs and firewalls (e.g. Cisco, HP, Palo Alto, SonicWALL), along with other skills such as Linux OS, Azure, switches, routers and firewalls

Job description –

  • Design, implement and manage a foolproof network security policy
  • Implement and configure security software and tools such as anti-virus, firewall, intrusion detection and more
  • Identify known and unknown network vulnerabilities and ways to counteract them

CISO (Chief Information Security Officer) and CIO (Chief Information Officer) are the professionals who have reached the pinnacle of the IT security profession!

These are some of the career choices that are available in the area of Information security. Almost all jobs will need a degree in Computer Science or related area along with certifications such as the CISSP or CEH or other appropriate certifications.

References:

  1. indeed.co.in
  2. Linkedin.com
  3. naukri.com

 

By Jayanthi

Reflections – A2Z19

Reading Time: 2 minutes

The month of April is always a busy one for me. Two grown kids at home (oh, they are work too!! :)), schedules all over the place, travelling, business work – all start running riot in April… 🙂 And in the midst of it I really wanted to do the #BlogchatterA2Z challenge, as I had enjoyed doing it so much last year… so, how did I manage? Here goes the report card and my reflections on the whole journey:

Report card:

My idea was to write posts on Information security (in tune with my blog’s primary objective) and proverbs, and I did manage to complete them very well… Actually, I had a lot of Information security thoughts in my head, which took shape and a final form once I started writing… Having a deadline to finish one post per day motivated me to stay on track and write all about what I wanted to!! 🙂

My Information security thoughts just flowed and flowed!! 🙂

What was the hard part?

Being both a technical and a personal blogger, I always wonder what the hard part of blogging is. Sometimes, it is just getting started… other times, it is the content, and yet at other times, the flow just doesn’t seem right… but most times for me, it is just the ‘title’ of the blog topic which is the challenging part… once a suitable and interesting topic arises, everything falls into place miraculously!! 🙂

Here are my InfoSec posts, which I managed to write making them both understandable and techy at the same time…

Authentication

Cyber-bullying!

Digital forensics

‘Everyday’ security

GIAC certifications

Identity chaos

Identity management

OWASP Top 10 vulnerabilities

Is ‘Privacy’ a myth?

Red Team – Blue Team

SOC

Two factor authentication

Women in Cybersecurity

YouTube security

Project Zero

All of the posts were something that I enjoyed writing, but I particularly enjoyed researching and writing about Project Zero, YouTube Security and OWASP Top 10 vulnerabilities the most!! I hope my writing shed light on some topics that you were vague about and motivated you to stay on top of Cybersecurity as well!

Until next year from A2Z…. Ciao!!  🙂


By Jayanthi

YouTube security

Reading Time: 2 minutes

There must not be a soul on this planet who has not watched YouTube videos in this age! From small babies to older adults, we all watch them. There are cooking videos, educational videos, entertainment videos, cartoons and, whatever topic you name, you can find a video on it. The business has grown so much that many have made a fine career by making YouTube videos and are known as ‘YouTubers’ (not an easy career though, at least initially).

With so much riding on YouTube, are there any security problems? Of course; for any social media used by billions of people there are bound to be a few (or more!) security hiccups here and there. The problem is identifying them first and then closing them.

Comments:

If you have watched a lot of videos that have children in them, you might have noticed that many of them (though not all) have their comments section disabled currently. Why did this happen? In February this year, video creator Matt Watson found a “pedophilia wormhole ring” which was being facilitated by the comments on YouTube videos. I know, I feel disgusted too… 🙁 How did this happen? Pedophiles were meeting through the comments section on YouTube videos which feature children. They exchange their contact information, pass lewd comments and do other disgusting things! For more information visit this link.

What is being done after this discovery?

It is safe to say that YouTube has disabled the comments section of many videos featuring children. It has also removed thousands of “inappropriate” comments and terminated hundreds of viewer accounts. Though many YouTube creators might be upset that this eats into their advertising and marketing, I think this is a good move to keep children safe online.

What else can be done by us?

The only thing that we can all do is to ensure that children get a YouTube account only when they are advised to do so – at age 13! After that, it is important for parents and children to learn the risks associated with “broadcasting oneself” and then take the plunge.

I know many parents and children cannot wait to get an email account or YouTube account even at 8 or 9 years of age, but considering that the Internet is not such a safe place after all, isn’t it wise to just wait a few more years? After all, YouTube isn’t going anywhere and neither is the Internet. Maybe we will have something more exciting than YouTube in the few years that they wait too… 🙂

Here’s to keeping children safe online!

 

By Jayanthi

Women in Cybersecurity

Reading Time: 3 minutes

A little girl always fiddled with her mother’s smartphone and tried to crack the passcode or the pattern on it. She knew exactly what her mother would use as a passcode or pattern, as she knew her mother inside out!! 🙂 She will try and, most of the time, she can crack the passcode within three tries!! How? She uses the concept of social engineering. She was always glued to her mother’s cybersecurity posts (whether she understood them fully or not) – and she was constantly wondering if this can be “hacked” or if “biometrics” can indeed work!! 🙂 Do you think this little girl will be a budding “white hat” hacker in the future and “another woman to reckon with in the cybersecurity domain”? Only time will tell, and this mother is eager to know that… 🙂

Now moving on from that little story to the real women who are rocking the InfoSec domain today… 🙂

Introduction:

Women have stepped into all professions today. There were always women in engineering, medicine, marketing, art, management, research and more. But ‘Women in Cybersecurity’ has become a movement towards empowering women and trusting their inherent capabilities to beat the newer threats arising every day. There are Twitter handles like ‘Infosec Girls’, ‘Sec-girl TH’, ‘WomenKnowCyber’ and more. There are similarly several profiles on Facebook and LinkedIn as well.

Statistics about ‘Women in Cybersecurity’:

  1. The total number of cybersecurity openings is expected to be close to 3.5 million by the year 2021. However, the total number of women in the cybersecurity domain today stands at only 24% of the total workforce.
  2. However, more and more women are entering the cybersecurity workforce.
  3. Pay disparity between women InfoSec professionals and their male counterparts is present, as in other professions (my guess is that this is due to the “family” breaks that most women end up taking).
  4. Men and women do identical cybersecurity duties in the industry (for example, “threat detection/remediation”, “data security”, “network security architecture”).
  5. Women are getting higher education in cybersecurity along with the most sought-after certifications (CISSP, CISM, CISA etc.) too!

Who are some of the women leading the cybersecurity domain?

This is a list of some of the top women in the field in no particular order:

  1. Ann Barron-DiCamillo – Vice President, Cyber Threat Intelligence and Incident Response at American Express
  2. Niloofar Howe – Chief Strategy Officer at RSA
  3. Eleanor Dallaway – Editor of Infosecurity Magazine

Why should women enter the cybersecurity domain?

Apart from the clichéd reason that there is a huge gender gap and the profession needs more women to join the field, from a personal perspective it is truly amazing to be in the field! 🙂 When most people are just enjoying the Internet, we can see the things underneath it with a “magical lens”, and we take it as a moral responsibility to catch the threats early.

Women also bring a totally new perspective to the field, thus motivating everyone in the board room to include them more!

Information security is not just programming, hunting for bugs, building firewalls – it encompasses all this and even more! And with the field constantly churning out new hacker avatars – there is never a dull moment!

So, what are you waiting for, ladies? 🙂 Hop onto the InfoSec domain today…:) 

This post is for alphabet ‘W’ of the #Blogchatter challenge. The previous post can be found here.


By Jayanthi

SOC

Reading Time: 2 minutes

‘SOC’ is the acronym for ‘Security Operations Center’. The 2018 Verizon DBIR (Data Breach Investigations Report) states that there were 53,308 security incidents and 2,216 data breaches in the year 2018. It also states that 68% of the breaches took months or longer to discover! Isn’t it amazing – there is a breach in your organization and you don’t have any idea about it until your customers or a third party let you know about it! That is probably the sad truth in the industry!!

SOC:

Keeping that in mind, the SOC is a team formed with the sole purpose of monitoring and analyzing the security of an organization. As with other things in security, a SOC team must be formed only after formal assent from senior management. For any security program to be successful, the senior management in an organization must always be in tune with the goals of the Information security team.

Since security is mostly a reactive approach for most organizations, the SOC team is trained to detect security incidents within an organization and pass the control onto the ‘incident response team’ if an incident occurs. 

The SOC team consists of security engineers, SOC managers and security analysts along with other security professionals. The SOC team will hopefully reduce the time needed to respond to a cyber attack – since a team is always there to detect attacks as early as possible.

The SOC team must be up 24 hrs a day, 7 days a week, 365 days a year! There might never be a dull moment in the SOC team. The day may start out calm and before long alarm bells might be ringing detecting a security incident.  The SOC infrastructure involves the defensive security mechanisms of firewalls, IDS/IPS, breach detection solutions and more. 

Responsibilities of a SOC:

A professional in the SOC team is expected to be able to perform these tasks:

  • network analysis
  • IDS monitoring and analysis
  • malware analysis and forensics

The SOC team should also be in tune with the emerging trends and threats in the cyber security landscape.

What are the skills to be a member of the SOC team?

You may need to have:

  • a Computer Science degree
  • 1-3 years of work experience related to SQL, TCP/IP, IDS/IPS, C, C++, Java, PHP and operating systems (like Linux, Unix, Windows)
  • Certifications such as GIAC, CISSP, CEH

These are some skills that are suggested to become a member of the SOC. There are other ways if you have the passion for joining a very happening team in the InfoSec domain!!

This post is for alphabet ‘S’ for #Blogchatter challenge. The previous post can be found here.

By Jayanthi

Red Team – Blue Team

Reading Time: 2 minutes

“Red team – Blue team” is a popular parlance in the Information security domain. It actually imitates military tactics, with “red teams” and “blue teams” who work in offensive and defensive positions. Protecting the infrastructure of an organization and ensuring the complete security of an organization is the ultimate goal of every security program.

Every organization wants:

a. its precious data to be safe

b. its data not to fall into the wrong hands

c. none of its clients’ passwords to be stolen

d. none of its private conversations to be snooped on, and more…

How do we achieve this in the Information security domain? By forming two teams – the ‘Red Team’ and the ‘Blue Team’.

Red Team:

The ‘Red Team’ is:

  • The offensive team or the attacking team
  • It consists of team members who perform duties similar to pen-testers, who will attack and test an organization’s defenses
  • It may consist of team members from outside the organization
  • The Red team will have skills pertaining to performing attacks like phishing, social engineering, masquerading as employees and more
  • The ‘Red Team’ will attack an organization’s defenses and find loopholes in the system that might potentially be attacked by hackers

Blue Team:

The Blue Team is:

  • The defensive team
  • Will erect all defenses by ensuring that necessary software (such as firewalls, anti-virus definitions) have been installed and all patches are downloaded as and when they are released
  • They will also ensure that all loopholes in the security program are sealed
  • The ‘Blue team’ will have to keep up with all the new security threats and bugs in the Information security landscape and mitigate them accordingly
  • The ‘Blue team’ will have to re-group and re-strategize once the threat of attacks looms

Who is more important? (Red Team or Blue Team?)

Both teams are equally important, as both work for the betterment of the organization. While one team erects defenses and makes sure everything is secure, the other team attacks them and shows where the defenses are vulnerable. The best way to work, of course, is for the “Red team” to think like the “Blue team” when attacking the defenses, and for the “Blue team” to think like the “Red team” when building good defenses!

This way, the organization can try to be as secure as possible!

There is also a ‘purple’ team but that will be for another post… 🙂

This post is for alphabet ‘R’ for the #Blogchatter challenge. The previous post can be found here.


By Jayanthi

OWASP Top 10 vulnerabilities

Reading Time: 3 minutes

OWASP (the ‘Open Web Application Security Project’) is a community and non-profit organization primarily oriented towards securing software. Any software we use today is prone to vulnerabilities and bugs. These bugs give hackers a chance to work their way inside the software and steal our precious information. Can we say that any of the data stored on countless servers and databases is safe? Never…there is always a way to steal your credit card number sitting on a strange server in a strange land. One way of doing it is by exploiting the vulnerabilities or weaknesses in the software that we use every day…

OWASP lists the top 10 vulnerabilities in application software along with their risks and countermeasures. This helps organizations harden their software by knowing the common vulnerabilities that are being exploited. The list is updated every 3-4 years, and the last list was updated in 2018.


It is quite amazing that when I started coding years ago, we were only worried about getting the code to run the way we wanted it to. Now times have changed, and we have to make sure that the code is hack-proof in every possible way. Anyway, here are the OWASP top vulnerabilities released in 2018:

1. Injection

‘Injection’ may mean different things to people from different walks of life, but in our context ‘injection’ is supplying crafted user data so that it is interpreted as part of a command, thereby triggering unintended commands. Some examples of injection targets are SQL queries, PHP queries, LDAP queries and more. Injection attacks are used to test whether an application is vulnerable or not.

2. Broken authentication

We have already discussed authentication in an earlier post. In a typical authentication scenario, we enter a ‘username’ and ‘password’, and if we enter them correctly, we are authenticated. What happens if somebody steals your session, say during a shopping session with a big online retailer? Maybe you were just authenticated and had finished shopping online. What if somebody then uses that session to steal the financial information you entered last? This is ‘broken authentication’.

3. Sensitive data exposure

Now that online banking and online transactions have become commonplace, usernames and passwords can be sniffed if good encryption is not in place. Just imagine a scenario in which your online banking password is sniffed by miscreants! Imagine the damage they can do!

This can be avoided by using current, strong encryption algorithms and by making sure that none of the sensitive information is stored in caches.

4. XML external entities

These are known as XXE attacks, and they are possible when a user can upload malicious XML files that the server processes. Once such a file is uploaded to the server, it can be used to steal data and do other malicious things.

5. Broken access control

I have already written about ‘access control’ in another post. ‘Access control’ authorizes users to access the appropriate resources. What if ‘John’ gains ‘admin’ privileges and is able to access your account? Is that right? This is ‘broken access control’. John is not authorized to access your account, and he should not be able to do so by changing a small piece of code.

This can be prevented by using ‘authorization tokens’.

6. Security misconfigurations

Security misconfigurations can result from running with default ‘security’ settings.

This can be avoided by configuring all the servers appropriately and by preventing overly wordy error messages.

7. Cross site scripting

Cross site scripting occurs when attackers can insert a piece of script into a web page that other users view. This can then be used to steal user data and bring down websites.

8. Insecure deserialization

Serialization and deserialization are two processes that happen when dealing with data. This vulnerability arises when ‘deserialization’ is performed on data from untrusted sources.

9. Using components with known vulnerabilities

It is always possible that web application developers are working with components that have vulnerabilities in them; the vulnerabilities might have only just been discovered. Once that happens, application developers should remove such components or install patches immediately.

10. Insufficient logging and monitoring

Many security breaches are detected long after the incident. By that time, hackers may have penetrated deeper into the system and caused even more damage. In order to minimize the extra damage, all activities must be logged and monitored.
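To make item 1 concrete, here is an added example (not code from the original post) showing the flaw and its fix side by side for SQL: a lookup that builds the query by string concatenation, and the same lookup as a parameterised query. The users table and its rows are constructed for the demonstration, and the function names are mine.

```python
import sqlite3

# Constructed sample data for the demonstration (not from the original post).
SAMPLE_USERS = [
    ("alice", "alice@example.com", "salted-hash-1"),
    ("bob", "bob@example.com", "salted-hash-2"),
]


def make_db():
    """Build an in-memory SQLite database with a small users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, email TEXT, password_hash TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", SAMPLE_USERS)
    return conn


def find_user_vulnerable(conn, name):
    """Builds the query by string concatenation: user input becomes part of
    the SQL command text, which is exactly the injection flaw described above."""
    query = "SELECT name, email FROM users WHERE name = '" + name + "'"
    return conn.execute(query).fetchall()


def find_user_safe(conn, name):
    """Parameterised query: the driver passes the value separately from the
    command text, so the input can never change the structure of the query."""
    query = "SELECT name, email FROM users WHERE name = ?"
    return conn.execute(query, (name,)).fetchall()


if __name__ == "__main__":
    db = make_db()
    # Ordinary input behaves identically in both versions.
    print(find_user_vulnerable(db, "alice"))  # [('alice', 'alice@example.com')]
    print(find_user_safe(db, "alice"))        # [('alice', 'alice@example.com')]

    # The textbook tautology input used when testing for injection: the
    # vulnerable version returns every row, because the WHERE clause now reads
    # name = 'x' OR '1'='1'; the safe version looks for a user whose literal
    # name is that odd string and finds nothing.
    probe = "x' OR '1'='1"
    print(len(find_user_vulnerable(db, probe)))  # 2
    print(len(find_user_safe(db, probe)))        # 0
```

The same rule applies to every query language mentioned in the list: keep user data out of the command text and hand it to the driver or library as a separate parameter.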

The original set of OWASP top 10 vulnerabilities can be found here
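Items 5 and 10 are illustrated together by the following added example, which is not code from the original post. The ‘John becomes admin by changing a small piece of code’ scenario is modelled as a handler that trusts an `is_admin` flag sent by the client; the hardened version takes the caller’s identity and role only from a server-side session, checks ownership, and writes every decision to an audit log so that repeated denials can be monitored. The account table, session store and function names are all constructed for the example.

```python
from dataclasses import dataclass, field

# Constructed sample data (not from the original post).
ACCOUNTS = {
    101: {"owner": "alice", "balance": 250},
    102: {"owner": "bob", "balance": 900},
}

# Server-side session store: the only trustworthy source of "who is asking".
SESSIONS = {
    "sess-alice": {"user": "alice", "role": "customer"},
    "sess-john": {"user": "john", "role": "customer"},
    "sess-ops": {"user": "ops", "role": "admin"},
}


class AccessDenied(Exception):
    pass


def get_account_vulnerable(request):
    """Broken access control: the 'is_admin' flag arrives in the request
    itself, so any client can set it to True and read someone else's account."""
    acct = ACCOUNTS[request["account_id"]]
    if request["is_admin"] or acct["owner"] == request["user"]:
        return acct
    raise AccessDenied("not the owner")


@dataclass
class AuditLog:
    """Minimal audit trail: one entry per authorization decision."""
    entries: list = field(default_factory=list)

    def record(self, user, account_id, allowed):
        self.entries.append((user, account_id, allowed))

    def denials_by_user(self):
        """Monitoring view: how many times each user was refused access.
        A user piling up denials against accounts they do not own is the kind
        of activity item 10 says must not go unnoticed."""
        counts = {}
        for user, _account_id, allowed in self.entries:
            if not allowed:
                counts[user] = counts.get(user, 0) + 1
        return counts


def get_account_safe(session_token, account_id, audit):
    """Identity and role come from the server-side session, never from the
    request body; ownership is checked per object; every decision is logged."""
    session = SESSIONS.get(session_token)
    if session is None:
        audit.record("<no session>", account_id, False)
        raise AccessDenied("not authenticated")
    acct = ACCOUNTS.get(account_id)
    if acct is None:
        audit.record(session["user"], account_id, False)
        raise AccessDenied("no such account")
    allowed = session["role"] == "admin" or acct["owner"] == session["user"]
    audit.record(session["user"], account_id, allowed)
    if not allowed:
        raise AccessDenied("not the owner")
    return acct


def is_allowed(session_token, account_id, audit):
    """Convenience wrapper returning True/False instead of raising."""
    try:
        get_account_safe(session_token, account_id, audit)
        return True
    except AccessDenied:
        return False


if __name__ == "__main__":
    # John claims admin in the request body and the vulnerable handler believes him.
    print(get_account_vulnerable({"user": "john", "account_id": 101, "is_admin": True}))
    audit = AuditLog()
    print(is_allowed("sess-alice", 101, audit))  # True: owner
    print(is_allowed("sess-ops", 102, audit))    # True: real admin role from the session
    print(is_allowed("sess-john", 101, audit))   # False: not the owner
    print(is_allowed("sess-john", 102, audit))   # False: not the owner
    print(audit.denials_by_user())               # {'john': 2}
```

The ‘authorization token’ the post recommends corresponds to the session token here: the server looks it up and decides who the caller is, rather than believing any claim the request makes about itself.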

This post is for alphabet ‘O’ of the #Blogchatter challenge. The previous post can be found here.

By Jayanthi

Identity management

Reading Time: 2 minutes

‘Identity management’ is in some ways an extension of the concepts of access control and authentication. The current business environment is complex and getting more complex with time. There are numerous departments and systems (like CRM, ERP and HR) and networks. There are hundreds of business users (like employees, customers and partners) constantly logging into systems and accessing different resources. Employees might also move to different departments, and they might quit and move on to other organizations. How do we handle the huge responsibility of checking the credentials of these users, authenticating them and authorizing them? This is done by the process of ‘identity management’.

‘Identity management’ involves first identifying the user, then authenticating the user and authorizing them to access the appropriate resources, all in an automated way. ‘Identity management’ solutions have to handle the huge task of assigning access to different users across multiple systems. They also have to make sure that the access is neither too restricted nor too broad. ‘Identity management’ solutions also involve revoking the credentials of former employees so that they cannot access the old resources again.
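The lifecycle described above (grant access on joining, change it on moving departments, revoke it on leaving, and check that nobody’s access is too broad or too narrow) is shown in the following added example, which is not code from the original post and not any vendor’s product. The role-to-system mapping, user names and method names are constructed for the illustration.

```python
from dataclasses import dataclass, field

# Constructed mapping of job roles to the systems that role should reach.
ROLE_ENTITLEMENTS = {
    "sales": {"crm", "email"},
    "finance": {"erp", "email"},
    "hr": {"hr-system", "email"},
}


@dataclass
class Identity:
    username: str
    role: str
    active: bool = True
    entitlements: set = field(default_factory=set)


class IdentityStore:
    """Joiner / mover / leaver model: access is derived from the role, and a
    role change or departure recomputes it, so nobody keeps stale access."""

    def __init__(self):
        self.users = {}

    def onboard(self, username, role):
        ident = Identity(username, role, entitlements=set(ROLE_ENTITLEMENTS[role]))
        self.users[username] = ident
        return ident

    def transfer(self, username, new_role):
        ident = self.users[username]
        ident.role = new_role
        # Replace rather than add: the old department's access must go away.
        ident.entitlements = set(ROLE_ENTITLEMENTS[new_role])
        return ident

    def offboard(self, username):
        ident = self.users[username]
        ident.active = False
        ident.entitlements.clear()
        return ident

    def can_access(self, username, system):
        """The authorization decision every connected system would ask for."""
        ident = self.users.get(username)
        return ident is not None and ident.active and system in ident.entitlements

    def review(self):
        """Access review: report each active user whose entitlements differ
        from what their role should grant (too broad, or too narrow)."""
        findings = []
        for ident in self.users.values():
            if not ident.active:
                continue
            expected = ROLE_ENTITLEMENTS[ident.role]
            extra = ident.entitlements - expected
            missing = expected - ident.entitlements
            if extra or missing:
                findings.append((ident.username, sorted(extra), sorted(missing)))
        return findings


if __name__ == "__main__":
    store = IdentityStore()
    store.onboard("priya", "sales")
    print(store.can_access("priya", "crm"))   # True
    store.transfer("priya", "finance")
    print(store.can_access("priya", "crm"))   # False: old department access removed
    store.users["priya"].entitlements.add("hr-system")  # someone granted an extra right by hand
    print(store.review())                     # [('priya', ['hr-system'], [])]
    store.offboard("priya")
    print(store.can_access("priya", "email")) # False: former employee
```

The periodic `review` is what keeps the ‘neither too restricted nor too broad’ promise honest: manual one-off grants drift away from the role model over time, and the review surfaces them for correction.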


Advantages of IDM solutions:

In earlier days, IDM solutions were manual, but in today’s complex business scenario, automated solutions are the need of the hour. IDM solutions offer these advantages:

  1. They increase productivity in an organization (administrators do not have to spend time configuring different settings for different users)
  2. Security in the organization is enhanced, since users are given appropriate access and single sign-on is implemented

IDM solutions:

A number of organizations offer IDM solutions and here are a few of them:

  1. Computer Associates Identity and access management
  2. IBM Identity and access management
  3. Oracle Identity management

Seamless digital transitions in today’s business scenario are possible because of sophisticated ‘identity management’ solutions.

This post is for alphabet ‘M’ of the #Blogchatter challenge. The previous post can be found here.