StrongBox IT

ModSecurity is an open-source, cross-platform WAF(Web Application Firewall) designed primarily for Apache HTTP servers. It provides an event-based programming language that offers an array of HTTP requests, along with response filtering capabilities and various other security features across multiple platforms. It is a freeware released under apache license 2.0. ModSecurity offers protection from a wide […]

What is WAF? Web Application Firewall is for filtering web traffic between the internet and web application. WAF is based on a predefined set of instructions and customized according to the risk and specific needs of the web application. It analyses the incoming packets and filters out possible threats at the application level. Why do […]

Every business has a set of assets or sensitive data that malefactors may seem to exploit regardless of its size. These threat factors generally have different motives, some of them are good, some are not. Based on the motives hackers are categorized into six. White hat hackers Black hat hackers Grey hat hackers Red hat […]

National Cyber Security Alliance and the U.S. Department of Homeland Security (DHS) marked October is cyber security month, as a step to make people stay more safe and secure online. As a part of this program, some of the tips to enhance cyber awareness among the personnel are discussed below. 1. Make your passwords long: […]

Web Application Firewall (WAF) helps guard web applications by monitoring and filtering HTTP traffic between web applications and the Internet. Web Application Firewalls exist in physical or virtual appliances form. What is a Network firewall? A network firewall is a security device that monitors the incoming and outgoing traffic and allows them based on the […]

Both WAF and a firewall play a critical role in network security. Despite the size of the network, these two things must be in place to provide total security, not only to the end-user but also to the entire network. Firewall and WAF are often confused as one, actually, they are entirely different. What is […]

Virtual patching or vulnerability shielding is a security policy of the enforcement layer. It analyses transactions, intercepts attacks in transit, and prevents malicious traffic from reaching the web application. The virtual patch does not repair the actual faulty application but intends to establish a partly upstream, additional – security mechanism to prevent the exploitation of […]

Phishing is a form of social engineering where an attacker masquerades as a reliable entity or asset and tries to breach the system by misleading them. Their motivation is to lure the personnel to get hold of sensitive data such as company assets, employee information, financial information, and passwords. Phishing starts with communication that appears […]

Lack of logging and monitoring the threats to the application from time to time causes massive problems. It may lead to compromising the entire system and an untraceable attack. When is it considered Insufficient Logging and Monitoring? Auditable events such as logins failed logins, and logins are not logged Failure of monitoring applications and APIs […]

Usage of third-party software components in the development process may lead to this type of attack. Known components like third-party application frameworks, libraries, technologies that may have exposure to major vulnerabilities.  These kinds of threats are often difficult to exploit and cause serious data breaches. How Can One Be Exposed To These Threats? Not knowing […]

During the development of web applications, some objects need to be transferred. Objects contain a bunch of sensitive information and cannot be transferred directly. It has to be converted into plain text before transferring. This process of converting JSON objects into plain texts is called serialization. The reverse process is called deserialization.  What Is Insecure […]

A cross-site Scripting flaw occurs whenever the attacker makes use of DOM and API to retrieve data or send commands to the application. Cross-site scripting may widen the surface of the attack for the hacker by allowing him to hack user credentials, spread worms, and control browsers remotely. An attacker tricks the web application to […]