Security Pro

  • Auditing Artificial Intelligence

    Technology keeps evolving, and accompanying these emerging technologies are the associated risks which, if adequate security and control are not in place, can erode the overall benefits. There is a lot of buzz around Artificial intelligence as they currently form the basis for all computer learning and are considered the future of all complex decision-making. They have…

    Continue Reading

  • Five (5) frameworks for improving cybersecurity

    A cybersecurity framework provides a set of baseline best practice criteria with a goal to further strengthen the cybersecurity posture of any organization where it is implemented. Having these frameworks in place, it becomes easy to define standard processes and procedures which sustains confidentiality, integrity and availability. In this article, we will talk about five…

    Continue Reading

  • Top 10 Cybersecurity Subreddits for Security Professionals

    Reddit is a social news website and forum where information is socially vetted and promoted by site members voting. The name of the website is a pun on the phrase “I read it.” Reddit is fragmented into over a million communities known as “subreddits,” each of which tackles a certain topic. A subreddit’s name begins…

    Continue Reading

  • Five Resources on Data Privacy

    Data privacy in our world today is a very serious global issue, especially as the use of digital devices has become prevalent. A lot of companies in recent times have sold people’s personal data to third parties (other companies and private individuals) for many reasons for which advertising is paramount. This is why learning about…

    Continue Reading

  • Logging VS Monitoring and Why you need both.

    Logging and monitoring is a term that is largely spoken about in security circles, as it plays an essential role in investigating, fine-tuning the security posture of a single digital asset or group of assets. An error log is a list of every issue affecting a server, network, operating system, or device. These log files…

    Continue Reading

  • An overview of Identity Theft

    Identity theft is a very serious security challenge, as experts believe that these cases occur so often that there is a new victim every 22 seconds. According to identitytheft.org, over 48 million identity theft cases were recorded in 2020. This was an increase of 3.3% compared to the cases in 2019. Experts suggest that this problem…

    Continue Reading

  • SECURE CONFIGURATION: CIS vs STIG BENCHMARK

    During the development, building, and installation of software, databases, computers, computer devices, and network services, secure configuration is the security measure kept in place to reduce vulnerability. Why is Secure Configuration necessary? The famous saying “default settings” is an example of a set of configurations an application, database, operating system, etc. comes shipped with, which…

    Continue Reading

  • DevSecOps: An Overview

    When done the right way, DevOps implementation is sure to bring about better collaboration among teams, faster time to market, improved productivity, enhanced customer satisfaction, and increased efficiency. Unfortunately, all these efficiencies and enhancements that come with DevOps are almost useless without security. That is why DevSecOps is the introduction of security practices into DevOps.…

    Continue Reading

  • Openid connect and oauth overview

    Over the past articles, we have been exploring the world of the middleman (API). We have been sufficiently able to break the concept down, describing what it is, the advantages it presents, how to make it secure and the tools used for assessing its security posture. In this article, we are going to explore two…

    Continue Reading

  • Tips for Securing Api’s

    API security refers to the process and/or measures of preventing or mitigating attacks on application programming interfaces (APIs). As discussed in the previous article, Application Programming Interface, or API, is a software bridge that enables communication between two applications; therefore, it is very important that measures are in place to ensure that the communication remains…

    Continue Reading

  • Five Questions About Mobile App Security

    Five questions about App security Mobile app security has always been a source of concern. It has even become more important than ever as mobile devices become part of our everyday lives. People are more reliant on their mobile devices, especially their mobile phones, to access everything from banking information to regular updates on live…

    Continue Reading

  • Intrusion Detection System

    An intrusion detection system (IDS) is a device or software application that monitors network traffic for suspicious activities and alerts when such activities are discovered. While detecting and reporting malicious threats and abnormalities are the basic functions of an IDS, some intrusion detection systems can also take action when malicious activities or abnormal traffic is…

    Continue Reading

  • Email Security 

    E-mail was designed to improve accessibility/communications. But the problem is that it isn’t very secure. Email phishing attacks have been increasing in frequency, and this doesn’t seem likely to stop anytime soon, with large companies and high-profile individuals the common targets. Attackers use emails that appear authentic to deceive recipients, enticing them to part with…

    Continue Reading

  • Ransomware as a Service

    Ransomware as a Service. Ransomware attacks have been increasing in frequency, and this doesn’t seem likely to stop anytime soon, with large companies and high-profile individuals the common targets. One of the main reasons for this sudden increase is the change from linear attacks to multi-option; this move absolves the original authors from the crime…

    Continue Reading

  • Frequently Asked Questions: Cloud Security

    How safe is the cloud? Who has access to the cloud? How can you be protected round the clock from hacking attempts? And more importantly, what steps are being taken by the service providers to protect your data? This article has been put together to help find answers to some Frequently Asked Questions related to…

    Continue Reading

  • Data Tokenization vs Data Encryption

    Data tokenization and data encryption are two major words you would often come across in the world of data security. Is data tokenization the same as data encryption? What are the differences if they are not the same? Is there any sort of similarity between them? These questions will be answered in this article. What…

    Continue Reading

  • VPN (Gateway): What It is, benefits, and why you should use one?

    VPN gateway VPN stands for “Virtual Private Network” which is designed to establish a “protected” network connection when using public networks, this makes it difficult for third parties to steal your data or track your online activities. In layman’s terms, a VPN establishes a “secure and private” connection to the internet, from your device to…

    Continue Reading

  • Database activity monitoring

    What is Database activity monitoring (DAM)? The process of observing, identifying, and reporting the activities carried out within a database with minimal effect on the performance of the system is called Database activity monitoring (DAM). Database activity monitoring is carried out by use of instantaneous security technology tools that give real-time monitored updates, analysis, and…

    Continue Reading

  • Network Data Loss Prevention

    In this post, I will talk about network data loss prevention (DLP), its importance, and some available dlp solutions. I have written some articles in the past about data, read through the blog to get updated. What is network dlp? While data is in motion, network data loss prevention (DLP) software monitors, detects and potentially…

    Continue Reading

  • Email Security

    Email security is a vital necessity because email contains sensitive information. Due to the high usage of such means of information transfer, it has since become a major target for attack. This and many more reasons are why companies are favoring the use of cloud-based email services like Gmail, Outlook, Protonmail, etc. What is Email…

    Continue Reading

  • Mobile Device Security

    Mobile security is the security measures put in place to avoid risk and vulnerability of data and assets loss attached to using mobile computing devices like smartphones, laptops, Tablets etc. What is so important about Mobile security? The use of Mobile Devices is the future: Slowly and gradually technology has evolved from using stationary devices…

    Continue Reading

  • A Run Through Owasp Top 10:2021

    OWASP top 10 and how it works What is OWASP The Open Web Application Security Project (OWASP) is a non-profit foundation dedicated to improving the security of software. OWASP operates under an ‘open community model, this model enables anyone both to participate and contribute to projects, events, online chats, and more. All materials and information…

    Continue Reading

  • Nmap Cheatsheet X

    Network mapper (NMAP) is an open-source security tool used for network exploration, security scanning and auditing. In this article, I will be listing some important Nmap commands that will make network assessment easy. Let’s go! Scan single Ipaddress: nmap ipaddress Scan a host: nmap server1.abc.xyz Scan a host with more information: nmap -v server1.abc.xyz Scan…

    Continue Reading

  • 11 Steps on how HTTPS Secure connection Handshake is established

    Every HTTPS connection begins with what is called a HANDSHAKE, which is the negotiation between a client and server detailing and agreeing on how they will communicate. The handshake determines the following: what cipher suite is to be used to encrypt the communications, server verification by the client, and client verification by the server. Let’s now go through the 11 steps…

    Continue Reading

  • Ransomware

    With the increasing rate of ransomware, the need to protect files and networks have become essential. Especially if as a company you store a lot of data on your server and you transfer a lot of data also. Both your server and information transfer process needs to be secured to guard against ransomware. What is…

    Continue Reading

  • SSLSCAN: Detecting security protocols in use on a server

    SSLscan is another type of port scanner similar to NMAP. However, its objective is to scan SSL ports to determine what security protocols or ciphers are supported and/or preferred. In this blog post we will be looking at how to access and use SSLscan. It is very useful when it comes to testing security protocols accepted…

    Continue Reading

  • How to use YASCA static code analysis tool

    Yasca which is an acronym for “Yet Another Source Code Analyzer” is an open source program which looks for security vulnerabilities, code-quality, performance, and conformance to best practices in program source code. It leverages external open-source programs, such as FindBugs, PMD, JLint, JavaScript Lint, PHPLint, Cppcheck, ClamAV, Pixy, and RATS to scan specific file types.…

    Continue Reading

  • Introduction to Oracle Virtual Private Database

    Oracle Virtual Private Database (VPD) enables you to create security policies or group policies to control database access at the row and column level. It allows multiple users to access a single schema while preventing them from accessing data which is not relevant to them. VPD uses Fine-Grained Access Control to limit the visibility of the data to…

    Continue Reading

  • How to use Mozilla firefox browser as a penetration testing tool with these add-ons

    Mozilla Firefox, is a free and open-source web browser developed by the Mozilla Foundation. It is a very powerful browser with an impressive variety of plugins. A plugin is a piece of software that acts as an add-on to a web browser and gives the browser additional functionality.

    Continue Reading

  • Brute-forcing passwords on Microsoft SQL Server to test for weakness

    SQL Server is a relational database solution created by Microsoft. It utilises several types of login to gain access to the database namely: Windows authentication which is the default, and is often referred to as integrated security because SQL Server security model is tightly integrated with Windows. In this type of authentication Windows users who have…

    Continue Reading

  • Google Dorks: The ultimate query engine

    A Google Dork, also known as Google Dorking or Google hacking, is an advanced technique to retrieve or obtain information from google. It is mostly used to find vulnerable targets and sensitive data using advanced search queries. It is a valuable resource for security researchers. Google is known as a search engine used to find…

    Continue Reading

  • VLAN: A basic understanding

    VLAN stands for Virtual Local Area Network. This is a local area network where the computers, servers and other network devices are LOGICALLY connected regardless of their physical location.

    Continue Reading

  • Data State Security in four minutes

    A data state is described as the different conditions of data while being utilized in a computing environment. The term is especially used in information security. In this post, you will learn the various states data can be in. As an added bonus, you will also learn the various ways we can protect this data at each individual state.…

    Continue Reading

  • 4 Basic Reasons Your Security Spending is Unnecessarily High

    Having a sufficient security budget is paramount to ensuring an organization’s cybersecurity program is well implemented. There’s every possibility for this budgetary figure to increase largely year after year and stakeholders keep wondering where all the money is going. In some cases, the money is well spent while in some, there’s no tangible value that…

    Continue Reading

  • Securing Active Directory Environments – Risk Concern

    This post describes in detail the most common practices in securing any Active Directory deployment in Enterprise environments.

    Continue Reading

  • 14 Faults With Your Vulnerability Management Program You do not know

    One of the biggest headaches for organizations security-wise is having to deal with technical vulnerabilities (Faults With Vulnerability Management) periodically. While some organizations have a well mapped out process to manage vulnerabilities, some others still struggle with the “Whack-A-Mole” method, randomly dealing with vulnerabilities as they appear.

    Continue Reading
