StrongBox IT

September 6, 2021
Blog

Security Misconfiguration

Misconfiguration occurs whenever the system fails to meet the security framework standards. It may occur at the application server-side, application stack level, or even at the network side. Non-identification of these flaws may sabotage and compromise the entire system. It is listed as the sixth most serious threat to OWASP’s top 10 vulnerabilities. Misconfigurations […]

September 5, 2021
Blog

Broken Access Control

The failure of the system to validate the user even after the user authentication is called Broken Access Control. This allows the user to bypass the basic access controls without proper validation. This leads to admin-level data exposure which in turn may lead to several other complications. It obtained fifth place in OWASP’s top 10 […]

September 4, 2021
Blog

XML External Entities

XML External Entity injection is the type of threat that allows an attacker to access an application’s XML data processing files. It takes place on poorly configured XML processors that allow external entity references within XML documents. It may cause subjugation of important assets using the URI handler, internal file shares, internal port scanning, remote […]

September 3, 2021
Blog

Sensitive Data Exposure

Sensitive data is important information or an asset that needs to be protected. It includes personally identifiable information (PII), banking information, login credentials, etc. Sensitive data exposure is the exposure of private data carelessly thereby leading to a breach in the entire system. The data being obtained is being sold or modified to conduct fraudulent […]

September 2, 2021
Blog

What Is Broken Authentication?

Broken authentication is theft of user credentials, session tokens, keys, etc.. to gain unauthorized privilege. It is a threat inherent in an online platform or an application thereby enabling the hacker to bypass the authentication. Attackers try broken authentication manually and attack them by using password lists and automated tools. Based on the system targeted, […]

September 1, 2021
Blog

SQL Injection Attack In Cybersecurity

An injection is a broad class of attack vectors where the attacker provides an altered input to a program. When the input gets executed as a part of a command or a query, the result obtained is completely altered. It is listed as the most dangerous threat in OWASP’s top 10 vulnerabilities. This flaw allows […]

August 31, 2021
Blog

What are the OWASP top 10 vulnerabilities?

OWASP The Open Web Application Security Project (OWASP) is an online nonprofit initiative that derives a set of rules or protocols, articles, methodologies in the field of cyber security. It works on an open-source model where various users contribute tools, forums, and projects. OWASP is the repository of web application security modules. ModSecurity ModSecurity is […]

August 30, 2021
Blog

Why cybersecurity is important in healthcare?

In the current scenario, healthcare leaders are extra equipped to increase spending on cybersecurity. But with new threats uncovered every day, it is exhausting to recognize where an organization would be better off investing its budget. Many healthcare corporations have a range of specialized hospital data systems such as EHR systems, e-prescribing systems, practice management […]

December 3, 2020
Blog

Vulnerability in widely-used WordPress plugin could allow full site takeover

WooCommerce has made ecommerce website building and developing easy with multiple plugins automating the tasks without any coding knowledge. TI WooCommerce Wishlist is one such plugin which enables the customers to add any product to their wishlist and buy them later. A flaw in this plugin enables the user (customer) to attain the admin status. […]

November 27, 2020
Blog

Installing Modshield SB from the GCP Marketplace

Step 1:Open the GCP Marketplace listing page that suits your licensing model (Cloud / BYOL), and click on the Launch button. Step 2: Provide a suitable instance name for your new deployment. Change the Deployment Zone and Machine Type if required, while it’s recommended to use the deployment template defaults. Disk Size can be […]

November 2, 2020
Blog

Why Application Security Testing is Critical for Organization

According to an article in CIO magazine, a typical USD500+ million organization has 3,000+ applications. While average, organizations (excluding financial firms) have around 600 business-critical applications. On the other hand, financial firms have about 800 business-critical applications. Every day growing numbers of both small and large enterprises are falling victim to hackers, resulting in data […]

October 21, 2020
Blog

Top 4 Points to Consider when selecting an Web Application Firewall (WAF)

Web Application firewalls have, for a long, served as one of the enterprise’s important security technologies. But even as hackers have gotten sharper at avoiding traditional security, application firewalls have maintained their value. If your enterprise is considering a web application firewall for the first time or looking to replace an existing one, ensure you […]