DISC InfoSec blog

Web Pentesting Checklist Cyber Security News PenTesting Titles Pentesting Training Penetration Testing – Exploitation Penetration Testing – Post Exploitation Infosec books | InfoSec tools | InfoSec services

is this website safe ? In this digital world, Check website safety is most important concern since there are countless malicious websites available everywhere over the Internet, it is very difficult to find a trustworthy website. We need tobrowse smart and need to make sure the site is not dangerous by using Multiple approaches. In general, it is good […]

The majority of major automobile manufacturers have addressed vulnerability issues that would have given hackers access to their vehicles to perform the following activities remotely:- Lock the car Unlock the car Start the engine Press the horn Flas the headlights Open the trunk of certain cars made after 2012 Locate the car Flaw in SiriusXM […]

Did you know that not one of the top 50 undergraduate computer science programs in the U.S. requires a course in code or application security for majors? Yet the threatscape is only expanding. A recent report by Security Journey reveals the gap left by academia when developers are being trained to write code, and the ways in […]

Healthcare organizations are increasingly using apps for telehealth and beyond. These apps have a significant impact on how they operate. They also have access to lots of sensitive information, such as EMR. As a result, we have seen an uptick in healthcare application threats globally. The top threat risks in healthcare industry includes ransomware, DDoS and automated […]

A cybersecurity framework provides a formal and comprehensive set of guidelines to help organizations define their security policies, assess cybersecurity posture, and improve resilience. Cybersecurity frameworks specify security controls, risk assessment methods, and suitable safeguards to protect information systems and data from cyberthreats. Though originally developed for government agencies and other large organizations, cybersecurity frameworks […]

These five suggestions provide a great place to start building a scalable and affordable program for creating secure apps. Some security programs need to have the absolute highest possible level of security assurance for the systems and the data they protect. They need to be as close to perfect as they can be. Examples of […]

In this Help Net Security video above, Erik Costlow, Senior Director of Product Management at Azul, talks about Java centric vulnerabilities and the headache they have become for developers everywhere. He touches on the need for putting security back into DevOps and how developers can better navigate vulnerabilities that are taking up all of their efforts and keeping […]

Software Bill of Material and Vulnerability Management Blind Spots Open source software is everywhere (which is not a bad thing in itself). However, many buyers don’t have inventory of open source components included in software products they are buying. Business even fail in keeping tack of open source components used in internally developed applications. As […]

Just over a year ago, we wrote about a “cybersecurity researcher” who posted almost 4000 pointlessly poisoned Python packages to the popular repository PyPI. This person went by the curious nickname of Remind Supply Chain Risks, and the packages had project names that were generally similar to well-known projects, presumably in the hope that some of them would […]

Researchers uncovered an ongoing operation, codenamed DUCKTAIL that targets Facebook Business and Ad Accounts. Researchers from WithSecure (formerly F-Secure Business) have discovered an ongoing operation, named DUCKTAIL, that targets individuals and organizations that operate on Facebook’s Business and Ads platform. Experts attribute the campaign to a Vietnamese financially motivated threat actor which is suspected to […]

Microsoft publicly disclosed technical details for an access issue vulnerability, tracked as CVE-2022-26706, that resides in the macOS App Sandbox. “Microsoft uncovered a vulnerability in macOS that could allow specially crafted codes to escape the App Sandbox and run unrestricted on the system.” reads the post published by Microsoft. Microsoft reported the issue to Apple through Coordinated Vulnerability Disclosure (CVD) via Microsoft […]

During the bug hunting activity, Red Team Research (RTR) detected 2 zero-day bugs on GEMINI-NET, a RESI Informatica solution. It’s been detected an OS Command Injection, which has been identified from NIST as a Critical one, its score is 9,8.  This vulnerability comes from a failure to check the parameters sent as inputs into the […]

A keen-eyed researcher at SANS recently wrote about a new and rather specific sort of supply chain attack against open-source software modules in Python and PHP. Following on-line discussions about a suspicious public Python module, Yee Ching Tok noted that a package called ctx in the popular PyPi repository had suddenly received an “update”, despite not otherwise being touched […]

It’s not quite everywhere yet, but 5G connectivity is growing rapidly. That’s a great thing for remote workers and anyone depending on a fast connection, but what kind of impact will 5G have on application security? “The explosion of 5G is only going to put more pressure on teams to harden their application security practice,” said Mark […]

Earlier this year, the White House announced that it is working with the European Union on a Trans-Atlantic Data Privacy Framework. According to a White House statement, this framework will “reestablish an important legal mechanism for transfers of EU personal data to the United States. The United States has committed to implement new safeguards to ensure […]

Burpsuite, the proxy-based tool used to evaluate the security of web-based applications and do hands-on testing developed by PortSwigger. It is one of the most popular penetration testing and vulnerability finder tools and is often used for checking web application security. Web App Security 👇 Please Follow our LI page…

While some applications are still being built on a monolithic (all-in-one) architecture – i.e., all components in a single code base, on a single server, connected to the internet – an increasing number of them is now based on the microservices architecture, with each application microservice a self-contained functionality, “housed” in a container managed by […]

Owasp A Complete Guide Front End Web Developer Cert

Securing DevOps: Security in the Cloud