Category Archives: Uncategorized

Authentication in the World of Clouds

By | May 13, 2019

We live in an age of clouds and microservices. Clouds and microservices provide many benefits but also come with some challenges. One big challenge with clouds and microservices is securely authenticating users to the system. In this post, I’ll highlight challenges and solutions for authentication in clouds and microservices. Traditional enterprise authentication: This includes a… Read More »

Software Security Requirements

By | January 20, 2019

It has been said that “Without software requirements, software will fail and without software security requirements, organizations will”. Security requirements are the non-functional requirements that need to be addressed to maintain confidentiality, integrity and availability of the application. Software development projects that lack properly gathered and documented requirements face a lot of issues like poor quality,… Read More »

Application Security

By | December 23, 2018

What is Security? Different people interpret security in different ways. Below are some common interpretations of security. For security professionals, it is: protection; safety; confidentiality, integrity, availability; trust. For managers, it is: cost; an undesired requirement; more work; impossible. For users, it is: hindrance to productivity; unreasonable rules; boring awareness sessions; not my job. The… Read More »

Lessons from Facebook Breach

By | October 20, 2018

On 25th September 2018, the biggest breach in the history of Facebook was discovered by its engineers. This was severe because attackers stole access tokens for about 50 million users. An access token is a kind of security key that allows users to stay logged into Facebook over multiple browsing sessions without entering their password every time.… Read More »

Agile and Security – Finding the Right Balance

By | September 16, 2018

In today’s fast-paced world, one of the major challenges for software development is frequently changing user requirements. Many organisations have moved from the older Waterfall model of software development to the Agile model of software development, and many others are adapting to it. As part of this transition, security has often been left behind. Agile is… Read More »

Adaptive Authentication – The Future of Web Authentication

By | August 26, 2018

One of the challenges for today’s IT security professionals is to protect data from unauthorised access. With passwords becoming easily ‘hackable’, organisations are shifting towards Multi Factor Authentication, which includes an additional security question, SMS, voice calls etc. The main challenge with Multi Factor Authentication is that one size does not fit all and friction from… Read More »

GDPR – A New Standard for Data Privacy

By | April 28, 2018

The growth of technology and electronic communication means that every day, almost every hour, we share our personal data with a huge number of organisations including shops, hospitals, banks and social media sites. Our data is collected, used and stored by organizations. There is significant public concern over privacy and it grows with every new… Read More »

Multi-Factor Authentication : An imperfect necessity

By | April 1, 2018

Using a username and password for securing access to websites has been a standard practice for years. In today’s world, a password alone may not provide adequate security and may leave your business at risk. Some common reasons why passwords are inadequate are: Brute force attacks are much stronger now. With modern hardware and techniques, a… Read More »

New records for DDoS attacks

By | March 18, 2018

Denial of Service attacks have been present for a long time but the magnitude has risen in recent times. As it’s said, records are meant to be broken. On February 28, 2018, the GitHub website was hit with the largest-ever distributed denial of service (DDoS) attack that peaked at a record 1.35 Tbps. Within four days, this… Read More »

Pseudo random and Secure random number generators

By | February 17, 2018

In computer applications, we sometimes need to generate and use random numbers, but it’s important to understand the degree of randomness in the method of generating random numbers. Typically there are two types of random number generators: pseudo random number generators and secure random number generators. Let’s see the difference between the two types. Pseudo… Read More »