Thursday, July 11, 2013
Thursday, July 4, 2013
A common delusion is that applications should be secured after they are developed but before deployment to the production environment. Performing a Security Audit after they are completed typically results in a significant amount of Security flaws said Dr. Anup Girdhar, (CEO-Sedulity Groups). Some of these flaws could involve serious technical & architectural issues. In a best case scenario, developers can invest an immense amount of time and effort to fix these flaws. Worst case, the application may require recoding and renovation of its architecture. Performing application security in this manner is incredibly expensive and time consuming. Integrating security into the early phases of the ‘SDLC’ neutralizes this cost and produces more secure applications in comparatively less time.
However, many organizations have not yet formalized their secure software development program and consequently they spend more time reacting to security issues in completed applications rather than pro-actively eliminating issues before the applications are completed. Further, they see the same problems marked themselves time and again in the same applications. This is a clear sign that a strategic approach must be engaged to avoid the endless bug-fix cycle.
Sedulity help organizations to develop a secure SDLC integration program including recommend¬ed policies, guidelines, and knowledge transfer to address the three fundamental areas of people, process, and technology that are critical to a successful development process.
The secure software development gap analysis process can significantly benefit from security reviews of multiple of your applications to create a baseline. This testing could include threat modeling, and penetration testing. Creation of this baseline will allow Sedulity consultants to accurately determine the state of software security within your environment. This in turn helps during the gap analysis and in making recommendations that can truly help your organization improve its software security while still delivering IT projects on time and within budget.
Sedulity Solutions & Technologies will gain a comprehensive under¬standing and analysis of how your development teams work. Thorough interaction, analysis of documented SDLC procedures, and review of any known issues with existing applications, Sedulity Consultants will understand existing practices and be able to identify areas for improvement from a security perspective. A key part of this analysis will include examining existing and proposed touch points and artifacts to identify critical areas for improvement. Sedulity measures the maturity of your application security efforts and helps you determine next steps by evaluating your SSDLC against a baseline of our best practice areas which are as follows:
• Awareness and Training
• Assessment and Audit
• Penetration Testing
• Development and Quality Assurance
• Vulnerability Response
• Metrics and Accountability
• Operational Security etc.
Friday, June 14, 2013
Condition Zebra, an established risk management and critical infrastructure security solutions provider from United States, is hosting its inaugural conference on Governance, Risk, and Compliance (GRC) in Malaysia this August.
“ZebraCON is an information exchange platform with an assembly of industry experts to share on strategic solutions and compliance concerns that impact security risk management,” said Wilson Wong, Managing Director of Condition Zebra. “Unlike a conventional conference covered with vendor-centric presentations, the content of our topics is specially designed to bring out a more engaging and interactive session.”
Kicking off in 27th August, more than 400 GRC professionals and corporate leaders around the globe are expected to gather at the Berjaya Times Square Hotel for this 3-day symposium. The speaker line-up includes Drew Williams (President of Condition Zebra), Dennis Moreau (Technology Strategist at RSA Security), and Jim Manico (Vice President Security Architecture of Whitehat Security), just to name a few.
“Protecting the Payloads: Aligning GRC with Business Priorities” is the theme for this event, it illustrates the importance and strategies to adopt a stronger security solutions across the critical infrastructures to secure the organization’s assets from perilous attacks.
According to a study conducted by PricewaterhouseCoopers, 78% of the organizations anticipate increased board and audit committee demands for evidence of effective compliance. To remain competitive, organizations need an effective system to improve overall compliance objectives and simultaneously, have a clear overview on the distributed access control in their business environment to mitigate risks.
“Every organization is facing the growing security threats caused by dubious business practices. Risks are present and unpredictable, doing nothing will only put the organization in rough water and bring huge damage to its assets when the attack strikes,” said Wong.
ZebraCON will feature insightful GRC strategy and implementation guidelines for policy development throughout the event. A series of expert-led trainings are to follow suit, covering the root cause analysis of GRC challenges to cloud computing, business – translated view of the national security policies as well as the legal considerations of infrastructure preparation.
More information about ZebraCON 2013 is available at http://www.zebra-con.com or you may also visit and contact http://cybertimes.in, and http://sedulitygroups.com to register and avail 20% Discount for the conference.
Tuesday, May 28, 2013
After so many latest and powerful Malware attacks, Corporate industry; more than ever - need to take advantage of Cyber Security in order to test their networks, systems and applications to protect themselves from different Cyber Attacks. To ensure that web based systems and applications are secure requires more than just good design and development. In order to identify vulnerabilities, it is often a good idea to involve an independent body like Sedulity Groups to help find potential security problems before releasing to the public.
Getting Penetration Testing done is the only best practical way for companies (Small, Medium, & Large) to establish the optimum level of security within their networks & systems. Having third parties do this testing is a good way of introducing genuine experts and getting a different view on something said Dr. Anup Girdhar,
CEO of Sedulity Groups. "However it’s also important to make sure that security is the
responsibility of the team, and not something that is outsourced. With the ever-increasing
risk of internal & external Cyber-Attacks to websites, the adoption of new
technologies including virtualization and cloud computing, organizations have
to firstly, identify Cyber Threats and secondly, put control measures in place
to defend themselves from all these Cyber Attacks said ."
Routine IT Audit, is also known as penetration testing which is an essential component for any Corporate to implement the optimum level of security. As computer technology has advanced, organizations have become increasingly dependent on computerized information systems to carry out their operations and to process, maintain, and report essential information. As a consequence, the reliability of computerized data and of the systems that process, maintain and report these data are a major concern to audit.
Penetration testing should go far beyond proving it is possible to break into a system. It should explore the impact of the compromise and give a business answer to the threats an organization faces Dr. Girdhar, said in an interview. A client may not care that a development SQL server is vulnerable – but if that server is joined to the domain, we can demonstrate that it almost always allows an attacker to gain full access to the entire network. Likewise, a vulnerable firewall might not be important if the vulnerability cannot cause loss or embarrassment to the business. This type of analysis will assist you in directing security strategies and efforts. This makes penetration testing a need rather than an optional endeavor.
Sedulity Solutions & Technologies, is the most professional group of IT security Experts and Ethical Hackers involved into various Cyber Security Solutions for Corporate and Govt. Departments like Penetration Testing, IT Auditing, Cyber Crime Investigation, Data Acquisition, Network Security, Server Configurations, Security AMCs, Creation and Hosting of Secure Websites, finding Vulnerabilities and loopholes in the Websites and also provide the Security Countermeasures to overcome the Cyber Attacks. Penetration Testing, services include a comprehensive report which will identify the vulnerabilities, severity levels and also recommends remedial activities as well. These services are suitable for small, middle, and large level companies. The packages are available for a limited time only at the special discounted price..
To get best Cyber Security Solutions for your business or organization, you may contact Team Sedulity.
FOR FURTHER INFORMATION
+91-9312903095 or Email at firstname.lastname@example.org
Friday, May 24, 2013
Today we live in the advanced ‘Cyber Space’ where we all are connected through various means of Communications via using Internet. More than 99% internet users visit lot of websites includes Social Networking, Email Services, E-Commerce, Banking etc. where we pass our User Names & Passwords many a times each day. At the same time the problems of ‘Cyber Crimes’ are also rising up where most of the problems are related to the Hacking of the User Names and password. Today if we see, most of the websites are on http instead of https which is supposed to be a much secure protocol. That extra "S" in the URL means that your connection is secure and it's much harder for anyone else to see what you're doing. However, the question is that if HTTPS is more secure, then why doesn't the entire Web use it for security reasons?
HTTPS is used only by those sites that handle money, like your bank's website or shopping carts that requires financial information like Credit Card details or the Online Bank Details. For example if we talk about the websites of Banks, it is mandatory for every Bank to implement https on their website, as per the RBI guidelines. It is easy for anyone to capture your current session's log-in cookies in any insecure networks like your College/ Office hotspot or public Wi-Fi at the restaurants.
You might not mind anyone reading your messages on twitter or so. However, you never prefer anyone sniffing your User Name & Password. That’s why Twitter has announced a new option recently to force to HTTPS connection. However, it is available only for the Desktop Browsers and not available for the Mobile Browsers which is another issue.
Slowly and gradually the websites are moving on HTTPS but why not entire web should move towards it? That’s the question that was put in front of Dr. Anup Girdhar, (CEO-Sedulity Groups) during an interview. There are lot of issues due to which it’s taking lot of time to move from http to https completely. The major problem is the high cost which is to be paid to get the secure Certificate due to which most of the vendors do not prefer to move to https. The another problem which is also encountered is the slow performance hit when using https, said Dr. Girdhar.
Moreover, if you calculate the cost of running the https site, it is expensive as compare to the http site. An https website doesn’t work because it requires good Broadband speed and should be the Browser Compliant. It is possible with the Man-in-the-middle attack to crack the password on http sites, where https websites are comparatively more secured. However, the hackers are so advanced that they’ve even hacked the https websites as well, which has become the another security constraint for the W3C. Certain add-ons and plugins are available which simply recover the username & password from the https websites as well. I have demonstrated the same in one of the International conferences held at Singapore, said Dr. Anup Girdhar.
If we measure, the reasons can be taken care of with providing optimum level of solutions in order to get secure connections. So we need to look broadly that if https will be implemented completely, how well it safeguard our websites and protect our data.