Posts

Security Software & Tools Tips – September 2019

In this monthly post, we try to make you aware of five different security-related products.
This is a repost from my personal website, Ulyaoth.

This month we have chosen the following:
* CipherCloud
* CodeDiaper
* N-Stalker
* Passhunt
* SonarTS

CipherCloud

Information from the CipherCloud website:

The CipherCloud CASB+ platform provides deep visibility, end-to-end data protection, advanced threat protection, and comprehensive compliance capabilities for enterprise embracing cloud-based applications.

Website:

https://www.ciphercloud.com/ciphercloud-overview/

CodeDiaper

Information from the CodeDiaper website:

You can search for a specific string from all the source code on GitHub and check if it has been posted illegally.

Website:

https://github.com/future-architect/code-diaper

N-Stalker

Information from the N-Stalker website:

N-Stalker Web Application Security Scanner X Free Edition provides a restricted set of free Web Security Assessment checks to enhance the overall security of your web server infrastructure, using the most complete web attack signature database available in the market – “N-Stealth Web Attack Signature Database”.

Website:

https://www.nstalker.com/products/editions/free/

Passhunt

Information from the Passhunt website:

Passhunt is a simple tool for searching of default credentials for network devices, web applications and more. Search through 523 vendors and their 2084 default passwords.

Website:

https://github.com/Viralmaniar/Passhunt

SonarTS

Information from the SonarTS website:

Static code analyzer for TypeScript detecting bugs and suspicious patterns in your code.

Website:

https://github.com/SonarSource/SonarTS

Image by Pete Linforth from Pixabay

Shortcut towards a secure site

Criminal activities and hacks are increasing on the internet, and companies have to increase the levels of security in routines and habits when it comes to passwords and online behavior.

Most of us know the dangers of this, but it seems we are not able to improve in this area.

Phishing attacks trick people daily into revealing their passwords, and users on unsecured networks can have their passwords sniffed. Malicious spyware can capture passwords and send them over the network to attackers. Identity theft is one of the fastest growing white-collar crimes in the world.

Going after user details is still easier than hacking the actual perimeters. This is by far the preferred method of breaking and entering. Verizon (backed by all other major companies in this field) states in its latest study that stolen credentials are used in over 50% of attacks or hacks on websites.

 

Source: Verizon Data Breach Investigation Report 2015

The same study shows that in the financial services market, over 95% of the incidents follow the process: Phish customer -> get credentials -> abuse web application -> empty account.

Facts:

  • Easy passwords can be cracked – and we use them all the time;
  • Sharing of passwords makes it impossible to know who did what;
  • The same accounts and passwords are used in multiple places;
  • Passwords that need to be continuously changed are not user-friendly enough – so we don’t bother;
  • Hackers are using user names and passwords to steal data;
  • Random passwords cannot be remembered.

What is the recommendation?

Security experts worldwide suggest the use of strong two-factor authentication to protect an organization's assets. The same is also recommended by various compliance standards and certifications such as PCI-DSS, HIPAA, SAS 70, ISO 27001 and others.

The strongest and closest to fool-proof safety against identity theft is Two Factor Authentication. It is also one of the remedies that could be labelled low-hanging fruit in terms of return on investment.

The table shows the means (functions) one can implement to secure the service (critical security controls), and, as a percentage, how much each can contribute towards an optimal solution security-wise (100%). We see that patching web services also rates as a highly effective means to a secure solution.

Source: Verizon Data Breach Investigation Report 2015

The two main benefits of Two Factor Authentication are that you get protected access to your solution and know who has accessed it, and that you also protect your end customers or members by offering Two Factor Authentication to them.

Why Multi Factor Authentication (MFA) from Basefarm

  • Fast implementation – we set it up for you so you will be up-and-running very fast with little effort;
  • Save time – we can manage and administrate your solution for you;
  • Cost effective – as a service OPEX only;
  • Stable and secure solution – with SLA from Basefarm.

Read more about our Multi Factor Authentication solutions.