-
7 tenets of NIST's Zero Trust Architecture (ZTA)
By Varun Om | December 29, 2021 | in Enterprise Security
Introduction Our Zero Trust whitepaper focuses on Zero Trust approach for software development, specifically hosted web apps (APIs, Microservices, background jobs and so on). For this reason, the Zero Trust tenets mentioned in the whitepaper have …
-
Your private Git repository might have been exposed by Azure App Service
By Varun Om | December 23, 2021 | in Security Incident
The .git folder inside a Git repository is the most important folder as it has the entire Git commit history. In fact everything else is your current working area and .git is the true repository folder. If someone gets access to this folder, you can …
-
Defend your website against Cross-Site Scripting (XSS) input injection - ZTT series
By Varun Om , Abhilash | December 21, 2021 | in Zero Trust Thinking Series
In the previous article of the Zero Trust Thinking series, we understood what XSS was, and learned three ways of injecting XSS code into a website, also known as types of XSS. In this and subsequent articles, we’ll learn practical techniques …
-
Understand Cross-Site Scripting (XSS) by examples - ZTT series
By Varun Om , Abhilash | December 14, 2021 | in Zero Trust Thinking Series
In this article of the Zero Trust Thinking series, we’re going to learn about a critical security vulnerability called Cross-Site Scripting, or XSS for short, with source code (on ASP.NET MVC) and step-by-step instructions to let you execute …
-
Critical RCE vulnerability in Log4j Java package can lead to server take over
By Varun Om | December 11, 2021 | in Security Incident
A very critical remote code execution (RCE) vulnerability has been discovered in Log4J – a popular Java package for logging. A huge number of applications, frameworks and even cloud services are likely using this package and therefore, is at grave …