Security Attacks Associated With Session Misconfiguration

When an application has an authentication feature, it is very important to manage the session securely. Multiple vulnerabilities arise from session misconfiguration. Applications mainly manage the session via a cookie, which we can also call the session ID. A session ID is a unique number assigned to identify a user accessing a web application. The application usually creates a session cookie and session ID for each valid session, and these cookies can contain sensitive data like username, password, etc. It is important to maintain the confidentiality of a session ID so that other users or attackers cannot use it to access the same account. On logout and on the browser close event, the session cookie should be invalidated at the server so that it cannot be reused, and each session should get a new cookie.

Web Cookies and its Legal Facet

Most experienced web visitors, and even new ones, are now familiar with the use of cookies. Cookies are small data files that Web sites put on your hard drive when you visit them. Sites install cookies on your system for many different reasons. One of them is to identify you as a distinct visitor by identifying your Web browser software. When you return to a Web site that has stored a cookie, it will search your computer for that cookie and will know your past activities. It may also update your previous cookie. This way the site can customize its contents depending on previous activities. It also allows the site to provide customized news, weather, sports information, and many other things based on stated interests. In theory, a cookie only transmits information back to the Web site that put it there and can't be accessed by other parties. But some Internet advertising companies have crossed the limits in using their own cookies. These companies use cookies to create highly sophisticated profiles of online visitors, most of the time without the visitors' knowledge and usually without their consent.

A Methodology for Development and Verification of Access Control System in Cloud Computing

In cloud computing, multi-tenancy creates privacy, security and access control challenges, because physical resources are shared among untrusted tenants, so a suitable encryption technique with key management should be applied before outsourcing the data. In this paper we develop a methodology for policy-based file access using attribute-based encryption with a ciphertext scheme to secure the storage of cloud data and its sharing with the cloud user. We also discuss the revocation policy for assured file deletion, so that no one can recover a deleted file from the cloud, and the policy for access to the data storing centre, so that the right user accesses the right file in the cloud.

Information Security Attacks And Their Prevention

Information security is very important on the internet. Information security is the process of securing information, and it has to achieve its security goals: confidentiality, integrity and availability. We must not share our confidential data with anyone, and while transferring data from one system to another we must be sure that the received data has not been tampered with or modified by any other person. The received data must be the same as the data sent by the sender. The information created and stored by an organization needs to be available to authorized users and applications. There are several types of cyber attack carried out by hackers to get this information...

ISO 27001:2005

ISO 27001 is an international standard that specifies the Information Security Management System, often shortened to ISMS. The ISO 27001 standard was published in October 2005, essentially replacing the old BS7799-2 standard. BS7799 was first published in the nineties as a code of practice and was a long-standing standard. ISO 27001 now enhances the BS7799-2 content and aligns it with other standards...

Recover Deleted File

Sometimes we delete our data by mistake, and the deleted data may include an important file that we want to recover at any cost, so we go to an expert and pay whatever their fee is. Here I am going to tell you how you can recover your previous or deleted data from your hard drive or external drive without paying anything. The tool we will use to recover the data is named Recuva. Just follow the steps to recover any file or data from your system.

Email borne, Viruses and Worms

Network security has become most important in the past few years. Security professionals work on implementing the strongest security, so security has become stronger and harder to evade. Attackers have now adopted a new way to attack: they do not try to find a loophole in the firewall; they simply use the holes that are known to be open. For this they use SMTP traffic, or email, to propagate malicious software to the victim's computer...

Types of Disaster and Their Recovery Plan

Companies do their business with the help of the internet, because information technology is used to process information effectively and quickly and so grow the business. The employees of a company use the email system and voice over internet protocol to communicate with their clients and customers. For online payment the company uses EDI, that is, electronic data interchange; we can transmit data with the help of EDI. Servers are used to process and store the bulk of the data. Employees use wireless devices, computers and laptops to communicate, process or manage the data. If any of this information technology stops working, a disaster occurs for the company...

Wireshark Basic Tutorial

In 2008, Wireshark arrived after ten years of development. Wireshark is a tool used to analyze packets in the network. It captures the packet flow in the network and displays the data of each packet in detail for analysis. Wireshark is also known as a network packet analyzer; as the name suggests, the tool is used to examine what is going on inside the network, such as what types of packets are flowing through it. Network packet analyzer tools were very expensive in the past, but nowadays Wireshark is the best open source tool available to analyze packets.

Find Your Lost Phone

How many of you have a problem with forgetting your mobile phones? I guess, most of us.
Sometimes in our homes, sometimes in our offices, sometimes in our cars, and sometimes we don't even remember the exact place where we left our phones.

Now, finding your phone is as simple as searching something on Google...