StrongBox IT

Dynamic Application Security Testing (DAST) simulates controlled attacks on a web application or service to detect security flaws in a running environment. It evaluates items during operation and provides feedback on compliance and general security issues.  DAST is also referred to as “black-box” tools. These tools are utilized in the SDLC testing and quality assurance […]

Static Application Security Testing (SAST) is a popular Application Security (AppSec) tool that checks an application’s source, binary, or byte code. It is a white-box testing tool that detects the start of vulnerabilities and assists in the remediation of the underlying security problems. SAST solutions examine an application from the “inside out,” They do not […]

1. The Number of Ransomware Attacks Is Increasing Ransomware has continued to grow and change in 2021, making it one of the most common dangers to any organization’s data security and ranks first in the cyber trends of 2021 Organizations are plagued by data theft and financial losses due to the costs of recovering from […]

1. COLONIAL PIPELINE CYBER ATTACK. Colonial Pipeline, an American oil pipeline system in Houston and Texas, transports gasoline and jet fuel to the Southeast United States. On May 7, 2021, the company was hit by a ransomware cyberattack, affecting computerized pipeline management equipment.  Colonial Pipeline Company responded by halting all pipeline operations to limit the […]

A web shell is a shell-like interface that allows a web server to be accessed remotely. Web Shells are most commonly used for cyberattacks. The interaction with a web shell is done through a web browser. How are Web Shells created? Web shells can be created in various web languages; PHP web shells are widely […]

Cybersecurity for children can be a great step towards good parenting. Kids prove to be an easy target for hackers. This is because they are incognizant and don’t know how to differentiate between the good and the bad. As a result, they can be easily manipulated and are made to fall into the trap laid […]

Log4j - A new java-based vulnerability has been uncovered

Application security testing is the process of detecting, repairing, and improving security practices to protect applications from threats throughout their entire lifecycle. Application security can assist organizations in defending all types of applications such as legacy, desktop, web, mobile.  Application security can be broadly classified into two SAS( Static Application Security) DAS( Dynamic Application Security) […]

WHAT IS FISMA? Abbreviated as Federal Information Security Management Act, FISMA was established as federal law by the government of the United States in 2002. It mandates the federal organizations to develop, document, and implement an information security and security program. In addition, FISMA drafts the guidelines for federal data and security standards. It also […]

WordPress is a secure platform for running your website as long as website owners adhere to best security practices. While the WordPress core is safe, there is still much that can be done to keep the website secure from threats. Given the popularity of WordPress, there is a lot more to be gained by WordPress […]

1. OSCP(Offensive Security Certified Professional) The Offensive Security Certified Professional (OSCP) is an ethical hacking certification that teaches penetration testing methodology and how to use the tools included with the Kali Linux distribution. The OSCP is a practical penetration testing certification that requires holders to successfully attack and penetrate various live machines in a controlled […]

Amazon Web Services (AWS) offers a product called CloudFront, which, when combined with AWS WAF, helps businesses protect their web applications from intrusion. However, during an engagement, it was discovered that the “SQL Database” payload could be bypassed. Why Modshield SB is a great AWS WAF alternate? When Modshield SB(Our very own Web Application Firewall) […]