Information Technology General Controls (ITGC)

Information Technology General Controls, popularly called ITGCs, refers to the set of controls such as policies, procedures, and technologies that an organization puts in place to ensure confidentiality, integrity, and availability of its information and IT systems. An ITGC review is an assessment of these controls to determine their effectiveness in protecting the organization’s information and IT systems. A comprehensive […]

Automotive Cybersecurity. An Introduction

Introduction to Automotive Cybersecurity Cybersecurity is the practice of protecting digital assets from malicious attacks. It is also referred to as “information technology security” or “electronic information security.” The term is used in a variety of contexts, but in this article, we will be considering cybersecurity in the context of automobiles.  The automobile industry has […]

Service Organization Control: An Introduction

Service Organization Control 1 (SOC 1) and Control 2 (SOC 2) are two standards for assessing a service organization’s internal controls. The American Institute of Certified Public Accountants (AICPA) established these standards to assist service organizations in demonstrating their dedication to security, availability, confidentiality, and privacy. SOC 1 is especially concerned with the financial reporting […]

Cloud Computing Services

In our last article, we talked about the different cloud deployment models: Public, Private, Hybrid, and Community. In this article, we will be discussing cloud computing services, which are mainly of three types: IaaS (Infrastructure-as-a-Service), PaaS (Platform-as-a-Service), and SaaS (Software-as-a-Service). Cloud computing is the distribution of IT resources on demand through the Internet with pay-as-you-go pricing. Instead of purchasing, […]

Cloud deployment models

The deployment model is an important aspect of cloud computing. A cloud deployment model is a specific configuration of the environment’s variables, including storage capacity, ownership of the deployment infrastructure, and accessibility. This implies that the deployment models employed by businesses are based on ownership (i.e. who controls the infrastructure) as well as the location of the infrastructure. […]

Internet of Things (IoT) Security

The Internet of Things (IoT) has become one of the most important technologies of the 21st century. It simply refers to the collective network of connected devices (smart devices), each with its unique identifier, automatically collecting and sharing data over a network. These devices range from ordinary household objects to sophisticated industrial tools. The fast […]

Auditing Artificial Intelligence

Technology keeps evolving, and accompanying these emerging technologies are the associated risks which, if adequate security and controls are not in place, can erode the overall benefits. There is a lot of buzz around Artificial Intelligence, as it currently forms the basis for all computer learning and is considered the future of all complex decision-making. They have […]

Five (5) frameworks for improving cybersecurity

A cybersecurity framework provides a set of baseline best-practice criteria with the goal of further strengthening the cybersecurity posture of any organization where it is implemented. With these frameworks in place, it becomes easy to define standard processes and procedures which sustain confidentiality, integrity and availability. In this article, we will talk about five […]

Top 5 CyberSecurity Groups on Facebook

Facebook is one of the top 10 social media platforms and the largest social media platform globally at 2.85 billion monthly active users worldwide, which accounts for more than 30% of the world’s population having access to the platform. Compiled in this piece in no particular order are the names of top 5 cyber security […]

Top 10 Cybersecurity Subreddits for Security Professionals

Reddit is a social news website and forum where information is socially vetted and promoted by site members voting. The name of the website is a pun on the phrase “I read it.” Reddit is fragmented into over a million communities known as “subreddits,” each of which tackles a certain topic. A subreddit’s name begins […]

Five Resources on Data Privacy

Data privacy in our world today is a very serious global issue, especially as the use of digital devices has become prevalent. A lot of companies in recent times have sold people’s personal data to third parties (other companies and private individuals) for many reasons for which advertising is paramount. This is why learning about […]

A journey into Data Privacy

Digital trails have become common: IP addresses, cookies, etc., and every activity we take part in online leaves a trail. Information privacy exists to ensure that the details we drop online are protected, and that our personal information online is not accessed by illegal entities. What is data privacy? Data privacy can […]

An overview of Identity Theft

Identity theft is a very serious security challenge, as experts believe that these cases occur so often that there is a new victim every 22 seconds. According to identitytheft.org, over 48 million identity theft cases were recorded in 2020. This was an increase of 3.3% compared to the cases in 2019. Experts suggest that this problem […]

SECURE CONFIGURATION: CIS vs STIG BENCHMARK

During the development, building, and installation of software, databases, computers, computer devices, and network services, secure configuration is the security measure kept in place to reduce vulnerability. Why is Secure Configuration necessary? The famous saying “default settings” is an example of a set of configurations an application, database, operating system, etc. comes shipped with, which […]

DevSecOps: An Overview

When done the right way, DevOps implementation is sure to bring about better collaboration among teams, faster time to market, improved productivity, enhanced customer satisfaction, and increased efficiency. Unfortunately, all these efficiencies and enhancements that come with DevOps are almost useless without security. That is why DevSecOps is the introduction of security practices into DevOps. […]

OpenID Connect and OAuth overview

Over the past articles, we have been exploring the world of the middleman (the API). We have been able to break the concept down, describing what it is, the advantages it presents, how to make it secure and the tools used for assessing its security posture. In this article, we are going to explore two […]

Five (5) API security testing tools you need to know.

There are several tools that have been used to assess API security. Depending on each organization’s needs, a certain tool can be the ideal option for one but not the other. Although the majority of these API security testing tools have free trials or versions, enterprise users will probably need to purchase licences or explore […]

Tips for Securing APIs

API security refers to the processes and/or measures for preventing or mitigating attacks on application programming interfaces (APIs). As discussed in the previous article, an Application Programming Interface, or API, is a software bridge that enables communication between two applications; therefore it is very important that measures are in place to ensure that the communication remains […]

Application Programming Interface (API)

Application Programming Interface explained. An Application Programming Interface, or API, is a software bridge that enables communication between two applications. You utilize an API every time you use a mobile app like Facebook, send an instant message, or check the weather. Application programming interface, or API, is a concept that can be used in a variety […]

Conformance Testing: An overview

Conformance testing is a software testing technique used to ensure that a software system meets the standards and regulations established by IEEE, W3C, or ETSI. Conformance testing determines how a system under test meets the individual requirements of a specific standard. Compliance testing is another name for conformance testing. It deals with some technical aspects. […]

The Art of Software Testing

Software Testing is a technique used to check or confirm whether a software product meets the expected requirements and to ascertain that the software product has no defects. It involves the running of software/system components using manual or automated tools to examine one or more specifications of interest. The main reason for software testing is […]

Five Questions About Mobile App Security

Five questions about App security Mobile app security has always been a source of concern. It has even become more important than ever as mobile devices become part of our everyday lives. People are more reliant on their mobile devices, especially their mobile phones, to access everything from banking information to regular updates on live […]

Intrusion Detection System

An intrusion detection system (IDS) is a device or software application that monitors network traffic for suspicious activities and alerts when such activities are discovered. While detecting and reporting malicious threats and abnormalities are the basic functions of an IDS, some intrusion detection systems can also take action when malicious activities or abnormal traffic is […]

Network Orchestration

What is network orchestration? Network orchestration is the automation of networks across different types of infrastructure devices, network domains, and even multi-vendor systems with a network. In addition, orchestration can be policy-based or event-driven automation through the use of programmatic interfaces like RESTful APIs that are enabled by third-party software or a network infrastructure solution […]

Network Security Resources

In the previous article on Network Security Fundamentals, I explained network security and its foundations. Why is network security important? Most companies in recent times heavily rely on computers to share information and keep information safe. Especially in a large-scale company with a large number of staff, each expected to have a personal workstation, […]

Networking Security Fundamentals

Networking is the process of creating connections between devices. It can be used to transmit data, share resources, and provide internet access. Network security is a system that protects networks from unauthorized access and use. The purpose of networking is to enable communication between devices. This can be done by connecting them directly to one […]

Email Security 

E-mail was designed to improve accessibility/communications. But the problem is that it isn’t very secure. Email phishing attacks have been increasing in frequency, and it doesn’t seem likely to stop anytime soon, with large companies and high-profile individuals the common targets. Attackers use emails that appear authentic to deceive recipients, enticing them to part with […]

7 Emerging Blockchain Technology Trends to Follow in 2022

Blockchain technology has been hailed as one of the most significant technological breakthroughs in recent years. Check out our article on blockchain technology. Manufacturing and education are among the industries that are affected. Blockchain technology is a permission-free, publicly accessible database system with encryption and centralization for security. To ensure network reliability and stability, blockchain […]

Artificial Intelligence Risk

What is Artificial Intelligence? According to Investopedia, Artificial intelligence (AI) refers to the simulation of human intelligence in machines that are programmed to think like humans and mimic their actions. The term may also be applied to any machine that exhibits traits associated with a human mind such as learning and problem-solving.  The benefits of […]

Internet of Things (IoT)

In this article, we will be taking a journey to understand Internet of Things (IoT), and to this end, the journey will be guided by the underlisted: What is IoT? The evolution of IoT Use cases of the Internet of Things IoT products What is IoT?  The Internet of things describes physical objects with sensors, […]

Artificial Intelligence as a Service (AIaaS)

Artificial intelligence as a service (AIaaS) refers to off-the-shelf AI tools that allow businesses to implement and scale AI techniques at a fraction of the cost of a full-fledged in-house AI.  Because it is based on cloud computing, the concept of everything as a service refers to any software that can be accessed across a […]

Ransomware as a Service

Ransomware as a Service. Ransomware attacks have been increasing in frequency, and it doesn’t seem likely to stop anytime soon, with large companies and high-profile individuals the common targets. One of the main reasons for this sudden increase is the change from linear attacks to multi-option; this move absolves the original authors from the crime […]

Frequently Asked Questions: Cloud Security

How safe is the cloud? Who has access to the cloud? How can you be protected round the clock from hacking attempts? And more importantly what steps are being taken by the service providers to protect your data?  This article has been put together to help find answers to some Frequently Asked Questions related to […]

Data Tokenization vs Data Encryption

Data tokenization and data encryption are two major words you would often come across in the world of data security. Is data tokenization the same as data encryption? What are the differences if they are not the same? Is there any sort of similarity between them? These questions will be answered in this article. What […]

The virtual world called “Metaverse”

The Metaverse has been a very hot topic in the past few weeks since the founder of Facebook “the big Mark” switched the name of the popular social networking platform and its subsidiaries to META, and he explained the plans of the company as it relates to metaverse in a live stream. The term has […]

Database activity monitoring

What is Database activity monitoring (DAM)? The process of observing, identifying, and reporting the activities carried out within a database with minimal effect on the performance of the system is called Database activity monitoring (DAM). Database activity monitoring is carried out by use of instantaneous security technology tools that give real-time monitored updates, analysis, and […]

Network Data Loss Prevention

In this post, I will talk about network data loss prevention (DLP), its importance, and some available DLP solutions. I have written some articles in the past about data; read through the blog to get updated. What is network DLP? While data is in motion, network data loss prevention (DLP) software monitors, detects and potentially […]

Email Security

Email security is a vital necessity because email contains sensitive information. Due to the high usage of such means of information transfer, it has since become a major target for attack. This and many more reasons are why companies are favoring the use of cloud-based email services like Gmail, Outlook, Protonmail, etc. What is Email […]

Data Privacy: Definition and Overview

The world has gotten so small, as information has become more accessible, shareable, and more vulnerable. Data privacy is the security of personal information from unwanted access by third parties and determines who has access to the information. Personal information like age, location, contact information in both real-time and online platforms are usually open to […]

Malware forensic: An overview

If a simple action such as clicking on a link or opening an email can cause disastrous outcomes, then Malware and Malware forensic cannot be overlooked. In my last post, I explained malware, how it works, antimalware and antimalware tools. Check it out here for more understanding. What is Malware Forensic: Malware is the collective […]

MALWARE: EVERYTHING YOU NEED TO KNOW ABOUT IT

Malicious software, popularly known as MALWARE, is the collective name for any program or software that intentionally puts a computer, a server, a network or group data at risk. Malware is a set of code written or developed by cyber attackers with the aim of intentionally harming a certain data set or gaining unauthorized access into […]

Computer Network Protocols: What it is and how it works

Computer Network Protocols… What they are and how they work. “Network protocols” is a term I’m sure you have heard in use among diverse technology professionals. In this article, I will try to explain what it is and some of the network protocols employed by information systems. Let’s start with Computer Networks. This, simply put, […]

Mobile Device Security

Mobile security is the set of security measures put in place to avoid the risk and vulnerability of data and asset loss attached to using mobile computing devices like smartphones, laptops, tablets, etc. What is so important about mobile security? The use of mobile devices is the future: slowly and gradually, technology has evolved from using stationary devices […]

Virtual Private Database: A practical approach

In our previous post, we learnt what the Oracle Virtual Private Database was all about. If you haven’t read it, click here. Without wasting much of your time, let’s get busy with our practicals. What is needed: a working Oracle database (10g and above), the HR sample schema, and an SQL work environment (SQL Navigator, Toad, etc.). Today’s tutorial will look at the following types […]

Introduction to Cloud Computing

The idea of cloud computing might seem like a seriously big deal. Don’t worry I got you today. What is cloud computing? Cloud computing according to The National Institute of Standards and Technology (NIST) is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, […]

A Run Through Owasp Top 10:2021

OWASP Top 10 and how it works. What is OWASP? The Open Web Application Security Project (OWASP) is a non-profit foundation dedicated to improving the security of software. OWASP operates under an ‘open community’ model; this model enables anyone to participate in and contribute to projects, events, online chats, and more. All materials and information […]

Microsoft SQL Server Security check

SQL Server, owned by Microsoft, is one of the leading data platforms used as a production database to store very sensitive data. We should all know by now that data is an organization’s most valuable asset. This makes it a necessity to efficiently secure the SQL Server database. This quick post will highlight some important back-end […]

Nmap Cheatsheet X

Network Mapper (Nmap) is an open-source security tool used for network exploration, security scanning and auditing. In this article, I will be listing some important Nmap commands that will make network assessment easy. Let’s go! Scan a single IP address: nmap ipaddress. Scan a host: nmap server1.abc.xyz. Scan a host with more information: nmap -v server1.abc.xyz. Scan […]

Social Engineering: The pervasive art of deception

Social engineering, as the term suggests, refers to a diverse range of activities employed by malicious parties with the aim of luring unsuspecting victims into divulging sensitive information, which will impact their online safety and might lead to financial loss. This tactic has been increasingly employed by malicious parties in recent years, as it is […]

Phishing Crossword

I bet you’re wondering how to play this game… Don’t overthink it; I’ve explained below how to go about it. There are some empty boxes you’re expected to fill with words. The boxes are numbered in line with the clues listed below. Follow the clues to fill the boxes with the appropriate words; right words are […]

Oracle Database Native Auditing Features

Preventing attacks on the database is the only approach to securing the database. Detecting potential attacks is also as important after all, the best security in the world is not going to stop every attacker. This is where the advantage of auditing comes to play. Auditing allows us to monitor the environment and identify potential […]

Understanding ARP Poisoning: A practical approach

ARP poisoning, also known as ARP spoofing, is an attack on the network which allows the attacker to intercept network communication between the target computer and the network. This concept is called a MAN-IN-THE-MIDDLE attack, and it makes it easy to steal sensitive data like usernames and passwords, bank data, etc. The man-in-the-middle attack […]

NoSQL. A summary of what it entails

NoSQL is a database management system that provides a means of storing and retrieving data. It uses an approach which is completely different from the tabular relations used in the relational databases that we are more used to. In this post I will summarize a quick understanding of what NoSQL is, with its advantages/disadvantages and uses. There are three (3) common types […]

SAP ERP. An Introduction

SAP ERP is a common ERP (Enterprise Resource Planning) software used by companies for the coordination of all core business functionalities, such as procurement, materials management, production, finance, sales, marketing, and human resources. SAP (Systems, Applications, and Products) is believed to be the most common ERP that assists companies of different sizes, small businesses, midsize […]

Open Source Tools in Cybersecurity

I have previously written on open source. Here is the link to that article, for more understanding. Today, I want to talk about open source tools. In this article I will discuss 10 open source tools that hackers and security researchers use to gather intelligence, before the real assessment or hacking is done. First, what are […]

Oracle Human Resources Management System

Oracle Human Resources Management System (HRMS) is a major component of the Oracle E-Business Suite of applications. Simply put, it is an integrated suite of applications which supports every aspect of the HR function. There are several modules defined in Oracle HRMS, e.g. Oracle Human Resources (HR), Oracle Payroll, Oracle Performance Management, Oracle iRecruitment, Oracle Time & Labor (OTL), etc. In this post […]

Blockchain Oracles: What are they and how do they work?

In the past few articles, I have written about blockchain, smart contract, smart contract audit and cryptojacking. I saw it fit to do a piece on blockchain oracles and we will be exploring this topic on the borders of: What are blockchain oracles? Blockchain Oracles Use case Types of oracles The oracle problem Blockchain oracles […]

Ransomware

With the increasing rate of ransomware, the need to protect files and networks has become essential, especially if, as a company, you store a lot of data on your server and you also transfer a lot of data. Both your server and your information transfer process need to be secured to guard against ransomware. What is […]

Auditing Smart Contract

I did a piece on smart contracts where I detailed the basics of the technology, how it works, the platforms that drive smart contracts and their diverse use cases. The article can be found here: Smart Contract. In this article, we will further explore smart contracts by considering their security. Let us break down Auditing Smart […]

Smart Contracts

What are contracts? What is a Smart Contract? Smart Contract Platforms. Sample Smart Contract code. Smart Contract use case. A contract is a legally binding document between at least two parties that defines and governs the rights and duties of the parties to an agreement. The concept of contracts is so prevalent today, […]

Breaking down Adware

What is Adware? Are all online adverts adware? There is nothing more annoying than seeing unwanted advertisement pop-ups while watching your favourite show or playing a game online, either on your computer or your laptop. Adverts ranging from how to be a millionaire in seven days, to how to burn belly fat overnight, and a lot […]

DDoS: What does it mean?

Distributed denial of service (DDoS) is an attack in which a company’s website is bombarded with more requests than it has the capacity to handle, which then affects the ability of the website to function properly. With the rapid recurrence of such attacks, many companies whose business model requires a massive […]

Hacking: The untold truths about hacking

Hacking has been associated with a lot of things, both legal and illegal. The common image that comes to mind when people hear “hacking” is that of an individual wearing a mask, with a disturbed radio-like robotic voice and a laptop, probably wearing a red or black jumpsuit, with a lot of pizza boxes thanks to […]

Evaluating Oracle WebLogic Middleware Controls

WebLogic is Oracle’s proprietary application server. It is Java-based and was inherited when Oracle acquired BEA Systems in 2008. It is used by many businesses to build and deploy enterprise applications. WebLogic’s popularity and widespread use have made it a target for malicious individuals. In this post, I will provide you with suggested controls that can be implemented […]

What is a Honeypot in cybersecurity?

A honeypot calls to remembrance the Trojan Horse, a concept first put to use in Greek mythology. It’s an open gift that is part of a game plan. Due to the frequent incidence of cyberattacks, cybersecurity experts thought of it: why wait for them to attack first? Why don’t we attract them using a […]

How to use YASCA static code analysis tool

Yasca, which is an acronym for “Yet Another Source Code Analyzer”, is an open source program which looks for security vulnerabilities, code quality, performance, and conformance to best practices in program source code. It leverages external open-source programs, such as FindBugs, PMD, JLint, JavaScript Lint, PHPLint, Cppcheck, ClamAV, Pixy, and RATS, to scan specific file types. […]

Insider threat and what you need to know about it

The unfortunate thing about threats and risks to your data, information and security is that they start internally; little wonder it is called an insider threat. Most attacks on business security and information are not cases of a well-designed, mask-and-glove-wearing malicious group called hackers. What is an insider threat? An insider threat […]

FORENSIC AUDIT. AN INTRODUCTION

A forensic audit involves going through a firm’s financial records to get evidence that can be used legally in a court of law or for legal proceedings. Big industries and companies have a forensic audit department. A forensic audit is a special part of accounting that requires expertise in accounting procedures and the legal framework. A […]

FAQs and Answers in Information Technology Risk

When big names in the finance, commerce and other industries cannot protect their data, this implies that they are having information leakages and issues recovering their data, and this is the point where Information Technology risk comes in. Information Technology risk management assists in minimizing the risks associated with the technology environment of a company. It […]

Static Code Analysis. An Introduction

Static code analysis is a method of computer program debugging that is done by examining the code without actually executing the program. The process provides an understanding of the code structure and can help to ensure that the code adheres to laid-down standards. Automated tools can assist programmers, developers and auditors in carrying out […]

Introduction to Oracle Virtual Private Database

Oracle Virtual Private Database (VPD) enables you to create security policies or group policies to control database access at the row and column level. It allows multiple users to access a single schema while preventing them from accessing data which is not relevant to them. VPD uses Fine-Grained Access Control to limit the visibility of the data to […]

Google Dorks: The ultimate query engine

A Google Dork, also known as Google Dorking or Google hacking, is an advanced technique to retrieve or obtain information from Google. It is mostly used to find vulnerable targets and sensitive data using advanced search queries. It is a valuable resource for security researchers. Google is known as a search engine used to find […]