Author name: Pavan Gumaste

Pavan Rao is a programmer/developer by profession and a cloud computing professional by choice, with in-depth knowledge of AWS, Azure, and Google Cloud Platform. He helps the organisation figure out what to build, ensure successful delivery, and incorporate user learning to improve the strategy and product further.

AWS Certification : How to set up CloudTrail?

We have launched the AWS Certified Solutions Architect Associate certification exam, which is the basic level of AWS certifications. As part of training on AWS certification topics, we have started writing about important topics that are useful for preparing for the AWS certification exams. In this article, we are writing about AWS CloudTrail logs; these topics are part of security in Amazon Web Services (AWS). Here is the snapshot of the exam blueprint. Exam Objective: This topic addresses the Data Security topic as highlighted in the AWS Blueprint for the exam guide. Click here to view it. AWS CloudTrail is a service […]


AWS Certification : Ingress vs. Egress Filtering (AWS Security Groups)

We have launched the AWS Certified Solutions Architect Associate certification exam, which is the basic level of AWS certifications. As part of training on AWS certification topics, we have started writing about important topics that are useful for preparing for the AWS certification exams. In this article, we are writing about Ingress vs Egress; these topics are part of security in Amazon Web Services (AWS). Here is the snapshot of the exam blueprint. What are AWS Security groups? In AWS, there is a security layer, known as security groups, which can be applied to EC2 instances. Security groups comprise of


AWS Solutions Architect Associate Exam SAA-C03

How to Prepare for AWS Solutions Architect Associate Exam?

The AWS Solutions Architect Associate certification exam tests your knowledge of AWS services and how to use them to design and deploy solutions. In this article, you will learn how to prepare for the AWS Solutions Architect Associate exam. In the current scenario, this certification is the most popular and in-demand certification exam globally. If you are planning to start your career in cloud computing, then you should plan to pass this exam. According to a recent survey, this certification leads the highest-paid industry certifications. An AWS Certified solutions architect may earn an


What is Shodan?

A life without ‘Google’ is hard to imagine today. We would be lost without the popular search engine in our lives. The popular retort “Google it” is always on our lips for any query posed by anybody. While Google searches for web sites, there is another search engine that is slowly gaining prominence. This is ‘Shodan’. ‘Shodan’ is a search engine for ‘IoT’ or ‘Internet of things’. Internet of things or ‘IoT’: Before we start discussing ‘Shodan’, let us first explain ‘IoT’. Recall that we have already discussed ‘IoT’ in an earlier post. ‘Internet of things’ can be defined


What is Web application Security – Part 3

‘Web application security’ is part of the ‘Web component developer’ exam and we have already seen two posts relating to it. Recall that we have already discussed the four authentication methods and the web resource collection element, which is part of authorization. We conclude the discussion of ‘Web application security’ by talking about the authorization constraint and user data constraint in this post. The different authorization constraints: Authorization is giving authenticated or unauthenticated roles access to restricted resources. Let us consider the first type of authorization constraint. Here, roles such as ‘Super user’ and ‘Normal user’ are allowed to


‘Godless’ Android malware

‘Security’ aspects touch all our lives in some way or the other. We would have been victims of a security hack at one time or other. Phishing emails, fake social media profiles, credit card fraud: some of these events may touch us in one way or the other. It is a good idea to guard against these attacks by being up-to-date on the current Infosec incidents and knowing the ways to avoid them. With that thought in mind, we will discuss the ‘Godless’ malware in today’s post. Android devices: With mobile phone and device usage reaching unprecedented levels, it is


Cryptography

‘Cryptography’ is the ability to hide messages from intermediate persons and ensure effective and secure communication between different parties. ‘Cryptography’s’ origins can be traced back to 2000 B.C. Egypt (when hieroglyphics were used) and to the time of Julius Caesar where alphabets were shifted to encrypt a message. We also see various instances of cryptography in movies such as ‘The Da Vinci code’, ‘The Imitation game’, ‘Pi’, ‘Enigma’ among others. We will see the two different types of encryption – symmetric and asymmetric algorithms and primarily focus our discussion on the symmetric algorithm. Introduction: The key terms that are associated


Web application Security – II

We have already seen a few basics of web application security in Java in an earlier post. We will continue this post by extending the same discussion. We will discuss the two remaining authentication mechanisms followed by authorization. CLIENT-CERT AUTHENTICATION: The CLIENT-CERT authentication method is yet another way of authenticating the user. Compared to the BASIC and FORM based authentication, this is the most secure form of authentication. Here the server authenticates the user by checking their public key certificate. The public key certificate is generated by an issuing authority such as the ‘certificate authority’ (CA). The CLIENT-CERT authentication uses


Two Factor Authentication

We have already read about ‘authentication’ and its role in security domains and software technologies. Defining authentication yet again, ‘Authentication’ is specifying who you are to access protected resources. We will elaborate on this concept to discuss 2FA or ‘Two factor authentication’ in this blog post. Why 2FA? Before we see what is meant by 2FA, let us see the reasons behind implementing 2FA. Data breaches are not new but the magnitude of the breaches is growing each year. In 2014 alone, more than 1 billion personal records were accessed illegally (zdnet.com). The ‘Anthem’ data breach, the IRS data breach are the


Web Application Security

Securing web applications in Java involves the very same core security concepts that are known to every InfoSec professional. These concepts, and an understanding of the different authentication mechanisms for the ‘Web component developer’ exam, form the basis of this post. This post assumes knowledge of servlets, deployment descriptors and the servlet life cycle. The four security mechanisms: There are four basic security mechanisms that come into play when securing web applications. They are authentication, authorization, confidentiality and data integrity. Authentication is verifying who you really are. Specifying a name and password is one form of enforcing authentication. Authorization is giving individuals
