During the assessment of one of the financial applications built upon the flutter framework, we came across that the application was using PGP encryption for encrypting the API requests. It is pretty common for financial applications to be implementing traffic encryption, with AES seen to be the preferred algorithm for encrypting traffic. There is plenty of research already available on decrypting AES encrypted traffic.
Enterprise software projects increasingly depend on third-party and open source components. These components are created and maintained by individuals who are not employed by the organization developing the primary software, and who do not necessarily use the same security policies as the organization. This poses a security risk, because differences or inconsistencies between these policies can create overlooked areas of vulnerability that attackers seek to exploit.
Vulnerabilities are software bugs or weaknesses that could be used by an attacker. They could be present in the operating system, application code, and third-party code dependencies, such as libraries, frameworks, programming scripts, and so on. By taking a secure DevOps approach and identifying vulnerabilities early in development, you avoid frustrating developers with delays when an application is ready for production.
If you help to manage cloud environments, you’re probably familiar with the concept of identity lifecycle management. Identity lifecycle management helps you keep track of who is allowed to do what within your cloud. But merely understanding identity lifecycle management isn’t enough to administer modern cloud identities effectively. You also need a way to automate identity lifecycle management at massive scale.
The migration of assets to the Cloud has been the common denominator in company business strategies over the last two years, coupled with the rising number of incidents involving the theft of sensitive information and user passwords on Cloud platforms. According to the Verizon Data Breach Report 2021, in 2020 29,207 real-time security incidents were detected, out of which 5,258 were confirmed data breaches.
This blog was written by an independent guest blogger. In mid-March, Microsoft released a free, open-source tool that can be used to secure MikroTik routers. The tool, RouterOS Scanner, has its source code available on GitHub. It is designed to analyze routers for Indicators of Compromise (IoCs) associated with Trickbot. This article will introduce some background on the MikroTik vulnerability, the Trickbot malware, and some ways you can protect yourself.
You’ve secured your cloud identities. You’ve hardened your cloud security posture. You’ve configured strong cloud access controls. But there’s still one more thing you need in order to secure your cloud environment: a cloud workload protection platform, or CWPP. Cloud workload protection platforms secure the workloads that run on your cloud — which are distinct from the infrastructure, user identities and configurations that form the foundation of your cloud environment.
