Divya Aradhya
About
Posts
Papers & Presentations
Categories
Application Security
Capture The Flag
Cloud Computing Security
Cybersecurity Compliance
Cybersecurity Strategic Planning
Database Security
Information Security
Management of Information Security
Network Security
Penetration Testing and Ethical Hacking
Web Security Management
Contact
Category:
Application Security
CVSS Demystified: Part 2: Base Metrics
CVSS Demystified: Part 1
Why is it important to train personnel in security if it is not part of their job routine?
The Case for Manual Security Code Review
Why Sec folk should walk in Developers’ shoes…
Manual Security Code Review
The difference between The Database and the Database Management System
Fuzzing
What is the importance of a business continuity plan? What are essential items that should be included in this plan for any business or organization?
List and explain five ways to become proactive in securing the organization
What is a zero-day attack? Why do these represent a significant threat to information systems?
What are the components of two-factor authentication?
Describe and discuss common authentication types
The root cause of an SQL injection attack and why it continues to be one of the most common security risks to a data server
What are the security risks with the use of ActiveX?
Summarize the risks of using JavaScript in a web application from a security perspective.
How Fast Does Ransomware Encrypt Files?
What are the three security issues with utilizing client-side plug-ins in a web application?
Zero Day Threats
Macro Virus Demo
What are some of the ways that a leader in an organization can embody and promote security as an organizational consideration?
What are the key factors involved in assessing the importance of a risk?
What are the challenges in enforcing security policies in an organization when they have not been in place previously?
What challenges exist in creating and implementing new security policies in an organization when there has been no consideration of security in the past?
Why is leadership outlook on security critical to employee buy-in at all levels?
Summarize the process of constructing security training inside an organization. What are at least four resources that should be consulted to make sure the training is adequate and current?
What factors should be involved in deciding on a delivery method for an organization’s security training?
What are the main problems with preventing social engineering in an organization?
Why do insiders pose such a significant threat to an organization?
Security Awareness and Training: SANS Guidelines
How does the evolution of attack tools affect existing systems? What steps should an organization take to remain vigilant of these new methods for compromising systems?
Why is it important to retain documentation of legacy elements of a software system?
Choose at least three available tools for software review and analysis, and summarize their features and drawbacks.
What factors should influence the time frame and scope of a penetration test?
Why is it important to probe and attack a system both at rest and in action?
What advantages do actual attackers have over penetration testers in attempting to compromise a system? Justify your conclusions.
What factors should be considered in responding to any compromise identified in either static or dynamic analysis of a system? Rank at least four factors and justify your ordering.
What are the important considerations in choosing a Red Team (or attack team) for your software system?
Fuzzing
Why is a periodic system review beneficial to security?
What protections can you place within an organization on code that is developed externally?
What are the risks of not mapping the instantiation and cleanup of variables containing privacy data?
How is the Scope of a Variable important to Security Planning?
What are the most critical aspects of security in an Object-Oriented Software system?
The Importance of Establishing a Ranking of Vulnerabilities in a System
Constructing Misuse Cases: Benefits and Drawbacks
Benefits of creating a vulnerability map for a planned software system
Why should requirements gathering be prevented after the scope of the system is defined?
Why is it important to rank the importance of various stakeholders involved in system development?
Why is it important to incorporate security throughout the SDLC instead of just in one phase or another?
Secure SDLC
Buffer Overflow
What are the differences between data and information?
What are the Risks associated with Inheritance in Classes?
Why is it Important to Monitor and Control System Output?
The Importance of Setting Boundaries on Variable Values
Buffer Overflow: Definition and Defense
How does SQL differ from Programming Languages?
The Risks of Directly Executing User Input
DBMS: The Differences between an Attribute and a Field
The Role of the Data Dictionary in the DBMS
Can Rootkits Be Beneficial to Security Administrators?
Different Types of Data Backup
Steps to Hardening any Operating System
Does any RAID configuration provide a complete solution to fault tolerance in servers?
Home Computer and Fault Tolerance
PGP and Self-Signed Digital Certificates
The Modern Usage of the RSA Cipher
Asymmetric and Symmetric key cryptography: A Comparison
Macro Virus Demo
Who is ultimately responsible for the security choices in software system development and deployment?
Database Systems: Threats and Mitigation
Why is it important to understand the updates and patches available for your operating system?
Policies to combat Social Engineering via Phone Calls
Physical Penetration into a Facility: Risks and Mitigation
Red Teams: Benefits and Challenges
What is the easiest phase of standard software development life-cycle for security considerations?
Who can be more destructive? The Unwitting Insider or the Intentional External Attacker?
Software Security and Integrity