Tuesday, November 5, 2013

Information Security Guide for Parents - Part 2


3. Intro to Online Security


Nowadays online information security plays a vital role in our day-to-day lives, especially now that social media has gone mainstream among teenagers: sharing personal information with friends, connecting with new people and using social networking sites are all trending.
First, what are cyberspace and information security?
Cyberspace can be described as a network of networks where we store and share information and other resources. Teenagers spend a great deal of time on the internet, which is part of cyberspace, for activities such as schoolwork, social networking, downloading music from iTunes or playing online games. The data children enter during these activities is information, and depending on what data is visible, children can be exposed to exploitation and harm by criminals such as online sex offenders.
Users who post personal data online are exposed to threats, so let's look at the rising threats that come with these trends; the article will then highlight how to mitigate them.
How do criminals gather information and use it to their advantage?
Cyber stalking: using sources such as social media, criminals target children and gather personal details such as age, name, school, pictures and videos, social gathering places and upcoming events, interests, music and hobbies. This data is used to qualify targets, who are then gradually groomed with attention, affection and even gifts.


4. Social Networking

First, let's dig into social networks. People post sensitive data such as pictures, connect with strangers, and chat and message people they have never met. Anyone with malicious intent can deceive children and tempt them into revealing sensitive personal data, which is then used for scams and even to blackmail children. So how can we mitigate this? First, control the visibility of your sensitive data: do not reveal it publicly, use the visibility (privacy) settings of the social network to protect private data, and stop it from being listed in search engines for public access. It is also very important to pay attention to whom the child adds as a friend on social networks; best practice is not to add strangers. Most social network attacks are based on deception, also called social engineering, which can be used to commit identity theft.
For instance, if a criminal can social-engineer the child into double-clicking a file he sent, it may silently install a keylogger on the child's computer. The criminal can then monitor every keystroke the child types, every password the child enters and every website the child visits. This is a serious threat: with the keylog data the attacker can blackmail or cyberbully the child, groom the child, or use the child's accounts (such as social media accounts) to spread the keylogger to the child's friends list.
Some criminals also use social media to get in touch with children, then gradually groom them with attention, affection and even gifts, spending considerable time and money in the process. They listen and empathise with the children's problems to build trust, then gradually introduce sexual content into the conversation by exploiting the children's curiosity about sexuality and sexually explicit material. Finally they use the conversations and the material the child sent, such as nude pictures, for blackmail or cyberbullying.
This is the power and danger of social media and cyberbullying: sexually explicit or otherwise humiliating pictures or videos spread like wildfire with a click of the mouse.
One in six US children aged 12 to 17 have received a sexually suggestive nude or nearly nude photo or video of someone they know, a recent study by the Pew Research Center found.

And the Crimes against Children Research Center estimated that police investigated nearly 3,500 cases of youth-produced sexual images in 2008 and 2009. [2]






Author - Shariyaz Abdeen
View Shariyaz Abdeen's profile on LinkedIn: http://lk.linkedin.com/in/shariyaz
shariyaz1@gmail.com

Monday, October 28, 2013



Important Links

1. http://cxsecurity.com/

cxsecurity.com, site 1 of the World Laboratory of Bugtraq 2 (WLB2), is a large collection of information on data communications security. Its main objective is to publish vulnerabilities in various applications.

2. Cyber Attack Map

http://map.ipviking.com/ 

3. Kaspersky Cyberthreat Real-time Map
http://cybermap.kaspersky.com

Sunday, October 20, 2013

infosec-tools

Tools



1. Digital Attack Map - World Map Shows Every Denial Of Service Attack Happening Right Now In Real Time




2. Cyber Attack Map






4. IP Tracker with map & Search


Sunday, September 22, 2013

Infosec Review - IT Business and Security News





Wednesday, September 4, 2013

Cyber Crime Investigation - Email Scams


Analysis of the email header

Analysis of the originating IP
Content-Transfer-Encoding: 7bit
X-Originating-IP: [105.200.97.33]
X-Mailer: Zimbra 7.1.4_GA_2555 (ZimbraWebClient - GC28 (Win)/7.1.4_GA_2555)

Content-Length: 2063




A Cisco reputation service was used to check the sending domain's reputation and whether it has been blacklisted.




The IP address is listed in the CBL because it is participating in a botnet (the Kelihos spambot). The CBL report reads:
IP Address 105.200.97.114 is listed in the CBL. It appears to be infected with a spam sending trojan, proxy or some other form of botnet.
It was last detected at 2013-08-15 13:00 GMT (+/- 30 minutes), approximately 5 days, 16 hours, 59 minutes ago.

This IP is infected (or NATting for a computer that is infected) with the kelihos spambot. In other words, it's participating in a botnet.


The Kelihos botnet was first discovered around December 2010.[2] Researchers originally suspected they had found a new version of either the Storm or Waledac botnet, due to similarities in the modus operandi and source code of the bot,[3][4] but analysis showed it was instead a new botnet of some 45,000 infected computers, capable of sending an estimated 4 billion spam messages a day.[5][6] In September 2011[7] Microsoft took down the botnet in an operation codenamed "Operation b79".[5][8] At the same time, Microsoft filed civil charges against Dominique Alexander Piatti, dotFREE Group SRO and 22 John Doe defendants for suspected involvement in the botnet, for issuing 3,700 subdomains that were used by it.[8][9] These charges were later dropped when Microsoft determined that the named defendants had not intentionally aided the botnet controllers.[10][11]
In January 2012 a new version of the botnet was discovered, sometimes referred to as Kelihos.b or Version 2,[1][6][7] consisting of an estimated 110,000 infected computers.[1][12] In the same month Microsoft pressed charges against Russian citizen Andrey Sabelnikov, a former IT security professional, as the alleged creator of the Kelihos botnet source code.[11][13][14] The second version was shut down in March 2012 by several privately owned firms that sinkholed it, a technique which gave the companies control over the botnet while cutting off the original controllers.[2][15]
Following the shutdown of the second version, a new version surfaced as early as 2 April, though research groups disagree whether it is simply the remnants of the disabled Version 2 botnet or a new version altogether.[16][17] This version currently consists of an estimated 70,000 infected computers. Kelihos.c mostly infects computers through Facebook, by sending users malicious download links; once clicked, a Trojan horse named Fifesoc is downloaded, which turns the computer into a zombie that is part of the botnet.[18]
Analysis of the domain



If a mail server is configured as an open relay, anyone can send mail through it with an arbitrary sender address.

So the sender has used the shaw.ca mail server (Return-Path: <njmedley@shaw.ca>) to hide his identity, with the motive of either spreading a botnet or running a scam. Judging by the origin of the mail and the originating email address, I suspect the intention is to recruit my PC into a botnet.
Rebecca Brown <rebecca_brown47@yahoo.com.ph>: .ph is the country code for the Philippines.

X-Originating-IP: [105.200.97.33]
21 August 2013
105.200.97.33
ISP: Etisalat Misr
Misr, Al Qahirah (11), Egypt
Lat: 30.05 Lon: 31.25

I received the mail from njmedley@shaw.ca, but the Reply-To header has been set to rebecca_brown47@yahoo.com.ph, so when I reply, the mail will be received by that Yahoo account instead.

Return-Path: <njmedley@shaw.ca>
Reply-To: Rebecca Brown <rebecca_brown47@yahoo.com.ph>
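The header checks walked through above (Reply-To and Return-Path against the From address, the X-Originating-IP, and the CBL lookup) can be scripted. The Python below is an added example, not code from the original post; the sample message is constructed from the headers quoted on this page plus a From line, and cbl.abuseat.org is assumed here as the CBL's public DNSBL zone.

```python
"""Header triage for a suspicious e-mail: Reply-To / Return-Path versus
From, the X-Originating-IP, and the DNSBL (CBL) lookup name for that IP.
Added example; SAMPLE is constructed from the headers shown in the post."""
import email
import ipaddress
import re
import socket
from email.utils import parseaddr

# Constructed sample: headers quoted on this page plus a From line (the
# post says the mail arrived from njmedley@shaw.ca). Body truncated.
SAMPLE = b"""Return-Path: <njmedley@shaw.ca>
From: njmedley@shaw.ca
Reply-To: Rebecca Brown <rebecca_brown47@yahoo.com.ph>
X-Originating-IP: [105.200.97.33]
X-Mailer: Zimbra 7.1.4_GA_2555 (ZimbraWebClient - GC28 (Win)/7.1.4_GA_2555)
Content-Transfer-Encoding: 7bit

Dear Friend,
Sir, My name is Eng. Rebecca Brown. ...
"""

CBL_ZONE = "cbl.abuseat.org"  # assumed public zone of the CBL list queried above


def domain_of(header_value):
    """Lower-cased domain of the first address in a header value ('' if none)."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower()


def originating_ip(msg):
    """IPv4 address from 'X-Originating-IP: [a.b.c.d]', or None if absent/invalid."""
    m = re.search(r"(\d{1,3}(?:\.\d{1,3}){3})", msg.get("X-Originating-IP", ""))
    if not m:
        return None
    try:
        return str(ipaddress.IPv4Address(m.group(1)))
    except ipaddress.AddressValueError:
        return None


def dnsbl_query_name(ip, zone=CBL_ZONE):
    """DNSBL convention: octets reversed, zone appended. An A record
    answer for this name means the IP is listed."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone


def dnsbl_listed(ip, zone=CBL_ZONE):
    """Live lookup (needs network): True if the name resolves (listed),
    False if it does not (NXDOMAIN, or no DNS reachable)."""
    try:
        socket.gethostbyname(dnsbl_query_name(ip, zone))
        return True
    except socket.gaierror:
        return False


def triage(raw_bytes):
    """Parse the message and return the facts plus a list of findings."""
    msg = email.message_from_bytes(raw_bytes)
    from_dom = domain_of(msg.get("From"))
    reply_dom = domain_of(msg.get("Reply-To"))
    rp_dom = domain_of(msg.get("Return-Path"))
    ip = originating_ip(msg)
    findings = []
    if reply_dom and reply_dom != from_dom:
        findings.append(f"Reply-To domain {reply_dom} differs from From domain "
                        f"{from_dom}: replies go somewhere else")
    if rp_dom and rp_dom != from_dom:
        findings.append(f"Return-Path domain {rp_dom} differs from From domain "
                        f"{from_dom}: bounces go somewhere else")
    if ip and not ipaddress.IPv4Address(ip).is_private:
        findings.append(f"originating IP {ip}; DNSBL name {dnsbl_query_name(ip)}")
    return {
        "from_domain": from_dom,
        "reply_to_domain": reply_dom,
        "return_path_domain": rp_dom,
        "originating_ip": ip,
        "dnsbl_name": dnsbl_query_name(ip) if ip else None,
        "findings": findings,
    }


if __name__ == "__main__":
    for finding in triage(SAMPLE)["findings"]:
        print(finding)
```

The Reply-To mismatch is the decisive clue: the From and Return-Path both say shaw.ca, but anyone who answers is talking to the Yahoo account. X-Originating-IP is only trustworthy to the extent the webmail system that added it is; a Received chain should be read the same way, from the top (your server) downwards.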


Looking at the facts, my conclusion is as follows.

Analysis of the email body

Dear Friend,
            Sir, My name is Eng. Rebecca Brown. I am from a state called Texas in US; I am indeed a single mother. I am a petroleum engineer with Shell Petroleum, US government contracted me few years ago and I was posted from Mexico ocean to Iraq, this is my 5nd year here in Baghdad IRAQ. I am the engineer testing and checking the oil given to the white house by Iraqi government. My signature and reports play a vital role between USA and Iraqi government in the area of crude oil.

Some US diplomats and Iraqi oil minister Abdul Karim Luaibi with some top Iraqi government officials made some crude oil deal worth hundreds of millions of dollars and my role was needed to cover up the deal. I was given a total sum of $10 million dollars the money was moved out of Iraq through Diplomatic means.

      This $10 million dollars sealed and locked in a metal Box with codes known to me only was moved out of Iraq because we are not allowed by US government rules to engage in such deal, this is the reason I want you to partnership with me and stand to receive this money on my behalf in your home country. The company that moved the money out of Iraq will transfer the BOX to your desired destination.

Sir, I will offer to you a total sum of 10% of the total amount for receiving the Box and keep with you till my arrival to meet with you to discuss other possible business. You must keep this conversation as TOP SECRET between both of us.

If you accept this proposal I will only needs the followings:-
(1) Full Name
(2)Your current address
(3)Your private telephone number
(4)Your position at work place
(5)Your international passport copy or current driving license


As soon as I get all this information I will process a document and sent to you and I will send a copy to the company introducing you to the company as my only partner and to release the Box to you.

The whole process is simple and risk free but we must maintain low profile and obey rules of confidentiality.
Best Regards
Your friend & partner
Eng. Rebecca Brown 
IRAQ




Looking at the highlighted text above:

Unusual phrasing: "I am indeed a single mother"
"5th" misspelled as "5nd"
The suspiciously large sum of cash on offer
A request for sensitive personal data: a copy of your international passport or driving licence, plus the other highlighted details such as your address and full name.

It is very easy to identify such a scam from its offer, grammar and spelling mistakes. Once you receive an email like this, think logically: would anyone in the world offer such cash or valuables for free? Would it really be risk free? At this point alone you should be able to identify the scam. The unusual expressions and spelling errors in the mail above make it clear that it was not drafted by an American, and that its author is not a native English speaker. That matches what the X-Originating-IP header suggests:
X-Originating-IP: [105.200.97.33]
21 August 2013
105.200.97.33
ISP: Etisalat Misr
Misr, Al Qahirah (11), Egypt
Lat: 30.05 Lon: 31.25
So there is a good possibility that this mail was sent from 105.200.97.33 in Egypt.

This is most likely either a scam to collect sensitive data for fraud, such as identity theft or credit card fraud, or an attempt to infect the computer, enlisting it in a botnet to conduct DDoS attacks or installing a keylogger to gather personal details.


These are the most likely attacks judging by the behaviour of the scam mail, but until I gather further details I cannot pinpoint the motive behind it. I hope this gives readers an insight into avoiding such attacks, which usually come coupled with social engineering.

Saturday, August 24, 2013

About me

Shariyaz Abdeen


I am a Technical Project Manager with 11 years' experience managing medium to large-scale software development and cloud migration projects, with a keen interest in information security and cloud infrastructure migration.

I bring a unique set of skills and expertise to the table. My passion for Information security has driven me to stay up to date with the latest trends and technologies in the field, allowing me to effectively manage and protect sensitive information. Additionally, my experience in cloud Infrastructure migration has allowed me to streamline processes and ensure seamless transitions to new systems. These skills, along with my software development background, make me who I am. 

View Shariyaz Abdeen's profile on LinkedIn

Wednesday, August 7, 2013

Jokes

Have a Laugh - Jokes just for fun


When I am stressed out, I read a joke to cheer me up. This is just for fun.


Joke 1

The pope was really late for a meeting with George Bush because his flight was delayed. At the airport he caught a cab and told the driver to hurry up. The driver says "sir I can’t go over the speed limit" so the pope swaps seats and the pope starts driving fast until he was pulled over by a cop. The cop rolls down the window and he is shocked. He reports to his superior that he has stopped a car with somebody really important in it.
Headquarters: is he as important as George Bush?
Cop: yes.
Headquarters: is he more important than George Bush?
Cop: yes.
Headquarters: just how important is he?

Cop: I’m not very sure but he’s certainly important enough to have the pope driving him around!

Joke 2





Joke 3

I find it funny when kids do this




Joke 4

A young Programmer and his Project Manager board a train headed through the mountains on its way to Wichita. They can find no place to sit except for two seats right across the aisle from a young woman and her grandmother. After a while, it is obvious that the young woman and the young programmer are interested in each other, because they are giving each other looks. Soon the train passes into a tunnel and it is pitch black. There is a sound of a kiss followed by the sound of a slap.
When the train emerges from the tunnel, the four sit there without saying a word. The grandmother is thinking to herself, “It was very brash for that young man to kiss my granddaughter, but I’m glad she slapped him.”
The Project manager is sitting there thinking, “I didn’t know the young tech was brave enough to kiss the girl, but I sure wish she hadn’t missed him when she slapped me!”
The young woman was sitting and thinking, “I’m glad the guy kissed me, but I wish my grandmother had not slapped him!”
The young programmer sat there with a satisfied smile on his face. He thought to himself, “Life is good. How often does a guy have the chance to kiss a beautiful girl and slap his Project manager all at the same time!”

Joke 5


Joke 6




Joke 7






Joke 8 - TCP Joke - Specially for Network Engineering Geeks



Joke 9

Joke 10

I am naming jokes as joke 1 , joke 2 ... etc is the Biggest joke :D



Nowadays funny Job Applicants.

Thursday, August 1, 2013

Information Security Guide for Parents - Part 1


Online Information Security Guide for Parents 



Nowadays information security plays a vital role in our day-to-day lives, especially now that social media has gone mainstream among teenagers: sharing personal information with friends, connecting with new people, online banking and online shopping are all trending. Users who post personal data online are exposed to threats, so let's look at the rising threats that come with these trends; the article will then highlight how to mitigate them.
First, let's dig into social networks. People post sensitive data such as pictures, connect with strangers, and chat and message people they have never met. Anyone with malicious intent can deceive people and tempt them into revealing sensitive personal data, which is then used for scams and even blackmail. So how can we mitigate this? First, control the visibility of your sensitive data: do not reveal it publicly, use the visibility (privacy) settings of the social network to protect your private data, and stop it from being listed in search engines for public access. It is also very important to pay attention to whom you add as a friend on social networks; best practice is not to add strangers. Most social network attacks are based on deception, also called social engineering, which can be used to commit identity theft and hijack your online presence.
When we look at online payment fraud, credit card fraud, banking fraud and attempts to hack social network passwords, a technique called phishing is frequently used. The attack starts by creating an identical copy of the original web page and tricking the user into entering credentials such as username and password on it. For instance, you receive an email that appears to come from Facebook and contains a link to win a free iPhone. The temptation is irresistible, so the user clicks the link, lands on a page that looks just like Facebook and enters his credentials, which are captured by the attacker.

To mitigate this, click links with caution. By analysing the URL we can easily tell a fake Facebook login page from the real one (https://www.facebook.com): even though an attacker can create an identical page, they cannot use the real site's domain name, so check the host part of the address carefully, since attackers register lookalike names. Another thing to check while making an online payment is whether the URL switches to HTTPS, which is HTTP over SSL/TLS: the data transferred between the server and your PC, such as bank logins and credit card details, is then encrypted, and an attacker who monitors your internet traffic with a sniffing attack cannot read your bank login or credit card details. Some basic guidelines also apply: install an antivirus product and update it frequently to shield your data from viruses, Trojan horses and worms, and use strong ("bomb-proof") passwords to resist brute-force attacks. To strengthen a password, use at least one upper-case letter, one lower-case letter, one digit and one special character, and make it longer than 8 characters.
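The URL checks described above, done by eye in the text, can be written down precisely. The Python below is an added example, not code from the original post; the lookalike links in it are constructed to show the usual disguises (the real name as a prefix of an attacker's domain, the real name in the user@ part, a hyphenated lookalike and a punycode homoglyph).

```python
"""Does this login link really belong to the site it imitates? Scheme must
be https, the host must be the expected domain or a subdomain of it, and
the user@host and prefix tricks phishers use are rejected. Added example;
the sample links are constructed."""
from urllib.parse import urlsplit


def url_belongs_to(url, expected_domain):
    """True only if url is an https link whose host is expected_domain or a
    subdomain of it. Everything else (http, user@host, lookalike or
    punycode hosts, non-URLs) is treated as suspicious."""
    parts = urlsplit(url.strip())
    if parts.scheme.lower() != "https":
        return False
    if parts.username is not None or parts.password is not None:
        return False  # https://www.facebook.com@attacker.example/ style
    host = (parts.hostname or "").rstrip(".")  # hostname is already lower-cased
    if not host:
        return False
    if any(label.startswith("xn--") for label in host.split(".")):
        return False  # IDN/punycode label: may be a homoglyph of the real name
    expected = expected_domain.lower().rstrip(".")
    return host == expected or host.endswith("." + expected)


def classify_links(links, expected_domain):
    """Verdict per link, e.g. for every link pulled out of a suspicious mail."""
    return {u: url_belongs_to(u, expected_domain) for u in links}


# Constructed sample links: one genuine form and the usual disguises.
CONSTRUCTED_LINKS = [
    "https://www.facebook.com/login.php",
    "http://www.facebook.com/login.php",                   # no TLS
    "https://www.facebook.com.free-iphone.example/login",  # real name as a prefix
    "https://www.facebook.com@free-iphone.example/login",  # real name as userinfo
    "https://facebook-login.example/",                     # lookalike name
    "https://xn--fcebook-hwa.com/",                        # punycode homoglyph
]

if __name__ == "__main__":
    for link, ok in classify_links(CONSTRUCTED_LINKS, "facebook.com").items():
        print("OK     " if ok else "SUSPECT", link)
```

Two caveats a practitioner would add: the padlock only proves the connection is encrypted to whatever host you reached, and phishing sites routinely hold valid certificates, so the host check matters more than the HTTPS check; and the text of a link in a mail can say anything, so the address to check is the one the link actually points to (hover over it or read the raw message), not the one displayed.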

No system is perfect; in fact, the only way to make a computer truly safe is to lock it in a safe and bury it underground.




1. Introduction for parents on online child safety

The internet has become the information highway of a teenager's day-to-day life. While it opens the door to many opportunities to learn and share knowledge, it also opens a gateway, one click away, to content that can harm a child, such as pornography, illegal communities or illegal content. The internet is also the ideal place for a stranger to introduce himself and stay in touch very easily through social networks, chat, email or any VoIP (Voice over Internet Protocol) service such as Skype. There is nothing wrong with surfing the internet, but parents and children should be aware of what lies beyond the browser. On the other hand, the internet lets children make new friends in distant places and keep in touch with old ones, and it encourages shy people to come out of their shell, which indirectly helps them appreciate the people around them. Research on these two paradoxical views has shown that the internet did not undermine the development of social and communication skills.

2. Personal Information

Children should be aware of the information they submit to websites and of the standards the organisation behind the site should follow. In particular, children should read the data assurance and privacy policy of a website before disclosing personal information. This is important because many social networks gather personal data about individuals and sell it to third-party vendors, who use it as part of their marketing strategy.
What are your responsibilities in protecting your personal data?
·         Think before disclosing your information, and think again.
·         Never give your bank account or password information when the conversation was not initiated by you.
·         Only disclose information that is needed by the organization.
·         Question why someone might ask for your particular personal information.

What are your rights? [1]
You have the right to:
·         Obtain a copy of all of the personal information that an organization holds about you. You may need to pay a small fee to the organization
·         Choose not to receive direct marketing information. You can request this by writing to the organization concerned.
·         Have incorrect, misleading or out-of-date personal information about you corrected.
·         Know whether an organization, or someone acting on their behalf, is processing personal information about you.
·         Know what information is being processed, why it is being processed and to whom it may be disclosed.
·         Know where an organization received its information about you.

5. Reference





Author - Shariyaz Abdeen
View Shariyaz Abdeen's profile on LinkedIn: http://lk.linkedin.com/in/shariyaz
shariyaz1@gmail.com

Monday, July 8, 2013

Data Leakage Prevention

Securing Organizations Confidential Data with Data Loss Prevention Systems

Data leakage prevention is one of the key topics being discussed at present. As organisations move towards big data, financial systems, ERP and other data storage solutions that reside in cyberspace, we have seen an increasing number of frauds associated with this technological revolution. It's all about data.
This post highlights the threats and the countermeasures we can use to protect sensitive personal data. I prefer the "trust but verify" model, because statistics show that most malicious attacks are carried out with the involvement of internal users. Therefore we have to protect data in line with security standards and the country's privacy laws. In my view there should be a balance between security measures and privacy.

Potential Threats



ID Theft Tops FTC's List of Complaints
          For the 5th straight year, identity theft ranked 1st of all fraud complaints. 
          10 million cases of Identity Theft annually.
          59 percent of companies have detected some internal abuse of their networks



Top 10 Most Frequent Incidents

  1. Patient PHI sent to partner, again, and again
  2. Employee 401k information sent outbound and inbound
  3. Payroll data being sent to home email address
  4. Draft press release to outside legal council
  5. Financial and M&A postings to message boards
  6. Source code sent with resume to competitor
  7. SSNs…and thousands of them
  8. Credit Card or account numbers….and thousands of them
  9. Confidential patient information 
  10. Internal memos and confidential information



Data Loss Prevention - Three Key Customer Challenges

  1. Where is my confidential data stored?        Data at Rest
    This addresses data in storage and databases.
  2. Where is my confidential data going?        Data in Motion
    This addresses data leakage protection at the network layer.
  3. How do I fix my data loss problems?    Data Policy Enforcement


Why Data Loss Prevention is a Priority

          Compliance
          Brand and Reputation Protection
          Remediation Cost


Unified Data at Rest and Data in Motion Protection



DLP Solutions 

Now let's consider the solutions available to mitigate this and secure your data. DLP solutions are sophisticated tools that protect data while giving you insight into it. Below I have added some market-leading DLPs and some of the features that caught my eye. Most DLPs share the same core features, but product maturity and a few features vary by vendor. Almost all DLPs break data leakage protection into three layers: network data protection, storage data protection and endpoint data protection.


Definition of Data Loss Prevention

Products that, based on central policies, identify, monitor, and protect data at rest, in motion, and in use, through deep content analysis.
                  -Rich Mogull of Securosis





Identify the holes or exit points where leaks may occur

Instant messaging (Yahoo Instant Messaging, Windows Live)
P2P file sharing (e.g. LimeWire case as reported by LA Times)
Media streaming
Web mail (Yahoo mail, Gmail, Hotmail)
USB storage devices (ZDNet story from UK)
Removable drives
Devices connected through external ports (Firewire, serial, parallel)
FTP server
Printouts






How data is flagged and identified

Initial predefined policies
Social security numbers
Data prescribed by HIPAA, SOX, GLBA, etc. (bank account numbers, credit card numbers)
Customised categories based on client needs
Data Discovery
Looks into the content, not just the file type
Examines context (parent directories, user group matching)
Structured data matching (SSNs, credit card numbers, etc.)
Unstructured data matching (diagrams, source code, media files)
Fingerprints the data with a one-way hash and stores the hashes in a database
The fingerprints can then be used to identify the confidential data elsewhere
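The two detection methods listed above, structured matching with validation and fingerprint matching, are shown in the Python below. This is an added example, not code from the original post or from any vendor's product: the SSN format rules and the Luhn check are public, the 6-word shingle size and the 20% overlap threshold are assumed tuning values, and the confidential draft and outbound mail are constructed.

```python
"""Content inspection the way a DLP engine classifies outbound text:
structured matching for SSNs and card numbers (regex plus validation, so
phone numbers and random digit runs are not flagged) and fingerprint
matching against a registered confidential document. Added example;
all sample text is constructed."""
import hashlib
import re

SSN_RE = re.compile(r"\b(\d{3})-(\d{2})-(\d{4})\b")
CARD_RE = re.compile(r"\b(?:\d[ -]?){13,19}\b")
SHINGLE_WORDS = 6  # words per fingerprint window (assumed tuning value)


def valid_ssn(area, group, serial):
    """SSA format rules: area not 000, 666 or 9xx; group not 00; serial not 0000."""
    return not (area in ("000", "666") or area.startswith("9")
                or group == "00" or serial == "0000")


def luhn_ok(digits):
    """Luhn checksum used by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def find_ssns(text):
    return [m.group(0) for m in SSN_RE.finditer(text) if valid_ssn(*m.groups())]


def find_cards(text):
    hits = []
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group(0))
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            hits.append(digits)
    return hits


def _shingles(text, n=SHINGLE_WORDS):
    """Normalise to lower-case word tokens and slide an n-word window."""
    words = re.findall(r"[a-z0-9]+", text.lower())
    return [" ".join(words[i:i + n]) for i in range(len(words) - n + 1)]


def fingerprint(text):
    """One-way hashes of the shingles: this is what is stored, not the text."""
    return {hashlib.sha256(s.encode()).hexdigest() for s in _shingles(text)}


def fingerprint_overlap(text, registry):
    """Fraction of the text's shingles whose hash is in the registry."""
    shingles = _shingles(text)
    if not shingles:
        return 0.0
    hits = sum(hashlib.sha256(s.encode()).hexdigest() in registry for s in shingles)
    return hits / len(shingles)


def inspect(text, registry, threshold=0.2):
    """Policy decision: block on any validated SSN/card or enough fingerprint overlap."""
    result = {
        "ssn": find_ssns(text),
        "card": find_cards(text),
        "fingerprint_overlap": round(fingerprint_overlap(text, registry), 2),
    }
    result["block"] = bool(result["ssn"] or result["card"]
                           or result["fingerprint_overlap"] >= threshold)
    return result


# Constructed sample: a registered confidential draft and an outbound mail
# that quotes most of it.
CONFIDENTIAL_DRAFT = ("Draft press release: Acme Corp will acquire Example Ltd for "
                      "120 million dollars, announcement scheduled for Monday.")
OUTBOUND_MAIL = ("FYI - Acme Corp will acquire Example Ltd for 120 million dollars, "
                 "announcement scheduled for Monday. Call me.")

if __name__ == "__main__":
    registry = fingerprint(CONFIDENTIAL_DRAFT)
    print(inspect(OUTBOUND_MAIL, registry))
    print(inspect("Card 4111 1111 1111 1111, SSN 123-45-6789", registry))
```

Hashing shingles rather than whole files is what lets the engine catch a paragraph pasted into a mail, not just the original document; the cost is that the registry grows with every window of every registered document, and a short excerpt below one window goes unnoticed. The validation steps are what keep the structured matchers usable: a bare regex for 16 digits would flag order numbers and phone numbers all day.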


Three different levels of DLP solution

Data in Motion
Data which uses HTTP, FTP, IM, P2P and SMTP protocols are mirrored in the DLP server for inspection where visibility is enhanced
Data at Rest
Data in file servers, databases, hosts computers set for file sharing, etc.
Data at End Points

Data which sits on end user hosts (workstations and notebooks)



Technical Feature Considerations

Deep content analysis, monitoring and prevention
Identification and blocking capability
Centralized Management
Central policy setting, dashboard features
Broad content management across platforms and ease of Integration
Review of information infrastructure including software for requirement and compatibility issues
Automated remediation
Transfer confidential files, LDAP lookup, secure purging of sensitive data

Business Environment Considerations

Matching with Business Need
Matches defined business need over feature allure
Market Presence
Major presence in the market, financial industry experience
Staffing Needs
Staffing considerations to handle additional responsibilities


Email Security with DLP


          End point Security with DLP

Nowadays DLP solutions include a couple of interesting technologies for endpoint data leakage prevention, to cover newer endpoint practices such as BYOD (Bring Your Own Device).


The setup below is an example of how endpoint security can be configured for the mobile devices on your company network. For it to work, your existing proxy server must support HTTPS decryption (TLS interception): Squid can do this only when built with SSL Bump support, and Microsoft ISA Server cannot do it at all (its successor, Forefront TMG, can).



  DLP Vendor Comparison 


Trust but Verify - Threat modeling 


To close this post, I would like to remind you that DLP is another example of the "trust but verify" model that underlies OWASP's threat modeling guidance. But again, we should carefully analyse the pros and cons of the solution before implementing it.







Author - Shariyaz Abdeen
View Shariyaz Abdeen's profile on LinkedIn: http://lk.linkedin.com/in/shariyaz
shariyaz1@gmail.com