Security Diaries All About Security

When it comes to forensics certain ways have been defined to help investigators to perform their investigation. In this article, we are going to discuss a similar framework called the OSCAR framework. Whether it’s an IT incident or a physical incident, the OSCAR framework will help you how to perform an investigation.  OSCAR stands for Obtain, Strategize, Collect, Analyze and …

We have seen that there is a lot of noise going around CVSS as FIRST has launched version 4.0 and in this article, I would like to discuss what is CVSS and how it evolved. What is CVSS CVSS stands for Common Vulnerability Scoring System. NIAC unveiled it on 23 February 2005. The purpose of CVSS is to provide a …

CVSS is the scoring system managed and launched by the Forum of Incident Response and Security Teams(FIRST) but started by the National Information Assurance Partnership (NIAP) Here is the infographic that explains the journey of CVSS from birth to what it is today. I am going to write a detailed guide on how versions changed and what information was added …

When it comes to information security there are many standards, guides, frameworks and terminologies that you must learn to understand Infosec better. In this guide, I will help you understand the difference between two Acronyms that we use every day and also help you to understand when to use what. What is CVE? CVE stands for Common Vulnerabilities and Exposures …

What is RASP? RASP stands for Runtime Application Self Protection, it is a technology that secures applications in runtime. RASP starts whenever any application configured with RASP executes and it protects the application in real-time. RASP intercepts all the calls between the app and the system validates them and makes sure they are secure. Whenever there is a security incident …

Ask anyone who has a website, the worst thing that could happen to his/her website is malware.  What is malware? Malware is any software intentionally designed to cause disruption to a computer, server, client, or computer network. Once any device is infected with malware the controller will have full control of the infected device. Again there are lots of conditions …

If you are working in some IT company and if your company infrastructure is using windows, then there is a high chance that you are on windows AD. Active Directory is windows service which runs on windows servers and helps administrators to manage the windows devices in the network. Basically, the point of AD is to manage all the windows …

In this article, we are going to discuss the permissions in windows. I am not going to in-depth analysis but what I will try to do is to give an overview of how windows handle permissions. This is going to help you in privilege escalation of windows. These are the list of things that we will be discussing: User accounts …

XFO also know as X-Frame Options, if you are a web developer or aspirated to be one, security analyst then you might be hearing about X-Frame options. If you don’t know what it is and what is its role in security, then just hold on to the article. In this blog, I will be discussing what are X-Frame options, how …

DevOps is the thing that every organization is looking up to from the last half-decade and almost all tech giants are following that even there are startups which made millions providing solutions on DevOps but then what’s next? What’s next big thing after DevOps and then it comes DevSecOps. What is DevSecOps? DevSecOps is nothing but adding security to DevOps. …