2021 CWE Top 25 Most Dangerous Software Weaknesses
Introduction: The 2021 CWE Top 25 Most Dangerous Software Weaknesses is a demonstrative list of most periodic and critical errors that can lead to major software vulnerabilities. It is developed…
US Sanctions Pegasus Maker NSO Group and 3 Other Companies
The U.S. Department of Commerce added four organizations, including Israeli cyberarms industry NSO Group to the Entity List for engaging in malicious cyber activities that are conflicting with the nation’s…
2021 CWE Most Important Hardware Weaknesses
Introduction: The list of 2021 CWE Most Important Hardware Weaknesses is published by the MITRE Corporation in collaboration with DHS’s Cybersecurity and Infrastructure Security Agency (CISA). The composed list consists…
Application Security Testing – Methodology and Approach
Introduction: Application Security Testing is a process to identify security vulnerabilities and weaknesses in web applications. This testing is performed with the combination of both automation and manual process using…
Tianfu Cup 2021 – Windows 10, Chrome, iOS, Linux Exploited
At the Tianfu Cup 2021 held on October 16-17, 2021, a number of operating systems and products were successfully exploited using original, unreleased vulnerabilities. From Windows 10, Google Chrome, iOS…
Network Penetration Testing – Methodology and Approach
Introduction: Network Penetration Testing is a process to find security issues in the organization network, attached devices and network applications. Security issues could be insecure protocol, misconfigured operating systems, improper…
Google Alerts 14,000 Gmail Users Attacked by Russian Hackers
Google has warned approx. 14,000 Gmail users about being attacked by government-backed phishing campaign conduct by Fancy Bear, or APT28, a Russian government cyber espionage group. Google communicated to Gmail…
Mobile Application Security Testing – Methodology and Approach
Introduction: Mobile phones have entered into every aspect of user’s life today, from communication and data to shopping and entrainment. To keep strong hold in the market, companies keep bringing…
Cyber Security Requirements for Application Development Projects
Overview: There are several Cyber Security requirements that should be considered before the development of any kind of application. Organizations must ensure that any new software application project or changing…
STRIDE Methodology in Threat Modeling Process
Overview: This document defines a systematic process of STRIDE Methodology used in organizations to find security threats and prevent them to build a secure application or system. The main goal…