X-Frame-Options is a simple HTTP response header that tells the browser whether a website is allowed to be loaded in a frame. It provides protection against clickjacking attacks, where an attacker loads the legitimate website from a malicious website or by embedding HTML frame code inside another website.
HSTS
HTTP Strict Transport Security (HSTS) is a server-side response header sent by the web server to the browser to force the browser to use the HTTPS protocol for the website and its contents. After receiving this response, the browser will reach the website over HTTPS only, until the timeout defined in the header expires.
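As an added example (not code from the original posts), the following checks the two headers described above on a captured response: whether X-Frame-Options restricts framing, and whether Strict-Transport-Security enforces HTTPS and for how long. The sample headers are constructed, not taken from a real site.

```python
"""Inspect X-Frame-Options and HSTS headers in an HTTP response.

Added example; the sample headers below are constructed and would
normally come from a real HTTPS response.
"""
import re


def check_frame_options(headers):
    """Return (protected, note) for the X-Frame-Options header.

    DENY and SAMEORIGIN are the values browsers honour; ALLOW-FROM is
    obsolete and ignored by current browsers, so it counts as unset.
    """
    value = headers.get("x-frame-options", "").strip().upper()
    if value in ("DENY", "SAMEORIGIN"):
        return True, f"framing restricted ({value})"
    if value.startswith("ALLOW-FROM"):
        return False, "ALLOW-FROM is obsolete; browsers ignore it"
    return False, "header missing or invalid: page can be framed"


def check_hsts(headers):
    """Return (enforced, max_age_seconds, note) for Strict-Transport-Security."""
    value = headers.get("strict-transport-security", "")
    match = re.search(r"max-age\s*=\s*(\d+)", value, re.IGNORECASE)
    if not match:
        return False, 0, "HSTS header missing: HTTPS not enforced"
    max_age = int(match.group(1))
    if max_age == 0:
        return False, 0, "max-age=0 clears the policy"
    subdomains = "includesubdomains" in value.lower()
    note = f"HTTPS enforced for {max_age} s"
    if subdomains:
        note += ", including subdomains"
    return True, max_age, note


def audit(raw_headers):
    """Normalise header names to lower case and run both checks."""
    headers = {k.lower(): v for k, v in raw_headers.items()}
    return {"x_frame_options": check_frame_options(headers),
            "hsts": check_hsts(headers)}


# Constructed sample responses, not captured from a real site.
GOOD = {"X-Frame-Options": "SAMEORIGIN",
        "Strict-Transport-Security": "max-age=31536000; includeSubDomains"}
WEAK = {"X-Frame-Options": "ALLOW-FROM https://example.com",
        "Strict-Transport-Security": "max-age=0"}

if __name__ == "__main__":
    for name, hdrs in (("good", GOOD), ("weak", WEAK)):
        print(name, audit(hdrs))
```

Browsers only honour Strict-Transport-Security when it arrives over HTTPS, so run the check against the HTTPS response rather than an HTTP redirect.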
Chaos Engineering-Part 1
“Chaos engineering” is planning and performing various failure tests on live production environments to check their high availability, RTO and RPO. The idea may sound absurd at first and may raise eyebrows among many in your organization, but when implemented right, with proper planning, it can keep the organization fully prepared for any critical component or module failure. “Chaos engineering” is itself very planned and detailed: it involves a thorough analysis of the whole organization's environment, understanding the current RTO and RPO, and planning and executing the tests so that the systems are tested against a wide variety of failures. The objective of the planning is to cover as many failure scenarios as possible.
Threat libraries
A threat library is exactly what it sounds like: a place to store the threats your organization has encountered, or that relate to it and have an impact on it. The library stores threat event details, attributes, the chronology of events, related files and software, and so on. It is important for an organization to keep one so that if similar incidents occur in future, the old incident can be used for learning and for mitigating the new event effectively. It also helps the organization assess the threat types and trends observed historically, which in turn helps security teams understand the critical focus areas for threats.
CVSS v3
What is CVSS?
The Common Vulnerability Scoring System, commonly known as CVSS, is a framework for scoring vulnerabilities and categorizing them according to their characteristics and impact, which in turn helps us understand which vulnerabilities need immediate action and which can be scheduled for later remediation, as appropriate for our environment.