Feb 08, 2016
 

From Our Blog: Data Privacy – An Introduction by Latha Sunderkrishnan (Senior Consultant)

When companies and merchants use data or information that is provided or entrusted to them, this data should be used according to the agreed purposes. Companies must ensure data privacy because the information is an asset to the company. Privacy concerns exist wherever personally identifiable information or other sensitive information is collected and stored – in digital form or otherwise. Improper or …

Feb 08, 2016
 

I am pleased to share the story of our growth so far, specifically the progress made by our Security Solutions Division and the Security Operations Centre (SOC) – now renamed as the Security Services Centre (SSC). But first, some updates … NII posted growth of 80% year-on-year for the financial year 2014-15. We are on track to post >40% growth this year as well. Our team size has grown to 200+ people in India and …

Feb 05, 2016
 

Network segmentation plays a vital role in complying with the Payment Card Industry Data Security Standard (PCI DSS). Effective segmentation helps reduce the scope of assessment, the cost, and the risk to data security. PCI DSS recommends that networks which process, store or transmit cardholder data be segregated and segmented from network environments that don’t deal with cardholder data. For a recent engagement with a client in the Middle East, …

Jan 29, 2016
 

This write-up summarizes a workshop/humla conducted by Ashfaq Ansari on the basics of various kinds of attacks available for exploiting the Windows Kernel as of this date. It describes and demonstrates some very common techniques to illustrate the impact of bypassing Kernel security and how this can be achieved by exploiting specific flaws in kernel mode components. Knowledge of basic buffer overflow exploits through user mode applications is a plus when understanding …

Jan 28, 2016
 

Definition of Information Privacy

Wikipedia defines information privacy as follows: Information privacy, or data privacy (or data protection), is the relationship between collection and dissemination of data, technology, the public expectation of privacy, and the legal and political issues surrounding them.

Introduction

When companies and merchants use data or information that is provided or entrusted to them, this data should be used according to the agreed purposes. Companies must ensure data privacy because the information is an asset to the company. Privacy concerns exist …

Dec 18, 2015
 

Introduction

A thick client is a computer application that runs as an executable on the client’s system and connects to an application server or sometimes directly to a database server. Unlike web-based applications, thick clients require a different approach to testing, as they are not easy to proxy using a client-side proxy tool such as Burp Suite. There are basically 2 types of thick client applications. Executables (written in one of either Java, C, C++, …

Oct 01, 2015
 

Software Project Governance – Using SDLC Metrics

Software project costs generally form 40% of the total IT budget in most companies. However, a software project seldom meets all user requirements, stays within the budget and is completed on time. Most software projects fail to provide the required functionality in the scheduled time and budget. Thus, the results do not meet the required quality criteria. Therefore, the focus of most organizations is on improving software development processes …