EFY Times  
Monday, April 21, 2014

 
'India Has Immense Under-Utilised Talent In The Cloud Security Space'
 
 
Diksha P Gupta from EFYTimes.com spoke to Ritesh Sarvaiya, CEO, Defencely.com, to understand the website security scene in India, and the online threats that will affect Indian SMEs and SMBs. Read on…   
Monday, August 19, 2013: Website security is getting increasingly challenging with ‘innovative’ attacks emerging every day. But, thankfully, as threats increase, so do the security measures. Defencely.com shares insights on the website security scene in India, and the online threats that will affect Indian SMEs and SMBs. Read on…

Please share some details about what Defencely does with respect to cloud security?

Modern day attackers can plant a cookie attack, a sniffer, misleading information or anything that can put visitors or customers who visit your website at risk. So, it becomes extremely important for website managers to be aware of these constantly evolving threats. It is your responsibility to make sure that your security parameters are all up to date, and we at Defencely.com can help you to make your website secure, as we have done for global technology giants like Google, Apple, Facebook, PayPal, etc.

Defencely.com currently focuses only on Web applications, penetration testing, and vulnerability reporting and fixing. The first phase of the company’s operations commenced just three months back. We are primarily focusing on Open Web Application Security Project methodology. In fact, we provide the industry’s early stage testing services; 80 per cent of our work is in manual ‘Search and Report’ mode and 20 per cent via the automated tools.

How do you see the cloud security space evolving in India?

As far as cloud security in India is concerned, it has immense scope. India has only about five to 10 recognised cloud security companies that deal in all kinds of cloud application testing. Though Indian companies do focus on cloud security services, this sector, so far, has not been organised because of India’s cyber laws, which, according to me, are not up to the mark. India has ample talent in this domain but it is not utilised so far. We aim to utilise these brains in this niche field and bring them together under our banner to become the world’s biggest cloud security company. Having said that, I am hopeful that the future of cloud security in India is pretty bright.

India is going online and there is growing awareness about security. But are Indians, particularly the SMEs and the SMBs, aware of the concept of website security?

India is going online at a faster pace than we expected and there is a lot of scope in that domain as well. Hundreds of e-commerce start-ups are being launched, which is a clear indicator of the growth in the online activity of Indians. Overall, it is a good scenario, but one cannot deny the fact that growing online activity also increases the threats. We at Defencely.com are serious about this issue, and we aim to be involved particularly with SMBs and SMEs to create awareness about the virtual losses that they may have to face because of not securing their websites. Let’s imagine a scenario where an e-commerce portal gets compromised because of some zero day vulnerability, and hackers misuse the entire database of the portal, including the financial information and personal details of its buyers. Despite being technically sound, small and big online companies overlook the importance of online security. To a lot of online companies, the term ‘hacking’ means email or credit card hacking. But hacking has evolved and is a million dollar business at present. It is high time that Indian SMBs and SMEs get aware of such threats and start taking appropriate Web security measures. Modern day security services are complete packages of security.

What are the most common vulnerabilities that websites are exposed to, in the modern day world?

Some of the most common threats to most Web applications are:
(a) Injection vulnerabilities and cross-site scripting: These are two of the most commonly found vulnerabilities that can occur in any website or Web application. There are various forms of injection attacks, including SQL, operating system, email and LDAP injection, and they all work by sending malicious data to an application as part of a command or query.
(b) Cross-site scripting (XSS): These attacks target an application’s users by injecting malicious code—usually client-side scripting such as JavaScript—into a Web application’s output. Whenever the compromised output or page is viewed, the browser executes the code, allowing an attacker to hijack user sessions, redirect the user to a malicious site or simply deface the page. XSS attacks are possible within the contents of a dynamically generated page whenever an application incorporates user-supplied data without properly validating or escaping it.
(c) Broken authentication and session management: Application functions related to authentication and session management are often not implemented correctly, allowing attackers to compromise passwords, keys and session tokens, or exploit other implementation flaws to assume other users’ identities.
(d) Insecure direct object references: A direct object reference occurs when a developer exposes a reference to an internal implementation object, such as a file, directory, or database key. Without an access control check or other protection, attackers can manipulate these references to access unauthorised data.
(e) Security misconfiguration: Good security requires having a secure configuration defined and deployed for the application, frameworks, application server, Web server, database server and platform. All these settings should be defined, implemented and maintained, as many are not shipped with secure defaults. This includes keeping all software up to date, including all code libraries used by the application.
In order to prevent all these threats, developers need to have specific knowledge of how to code Web applications, keeping Web vulnerabilities in mind.

Can you share some tips to ensure website security?

It is sad to see websites getting hacked, by and large, on a daily basis. There are numerous steps to ensure a website’s security. When was the last time you moved your files from their default locations to new ones? When was the last time you moulded your HT Access file, or when was it that you noticed your Web mail ID generating spam mail? When was the last time you scanned your website to check if it was affected with any new online threats? Such factors, among many others, play a vital role in shaping your website’s security. I guess the best way to get started is to hire an online security company. There are some companies that don’t charge a lot to trial-level users.

How is Defencely contributing to increasing awareness about website security?

Defencely doesn’t limit itself to just providing cloud security services, but has a lot more to offer. Timely reporting of security vulnerabilities is what the core team at Defencely aims at. PayPal’s recognition of Defencely being one of the top 10 cloud security companies isn’t the only achievement of the firm. Several other giants such as Facebook, Apple, Zynga, SoundCloud and iFixit have applauded Defencely for its dedicated work.

With social media being integrated in the websites, does that increase the challenges of administering website security?

Most of the social media websites spend millions of dollars to keep their security at very high levels, because of which IT guys do not have to worry about anything specific.

Why do websites get hacked?

Although there are no specific patterns that hackers follow, there are a few common loopholes that often get exploited.
a) Zero day vulnerabilities: Regardless of whether you have a blog or own a successful Internet business, how often do you consult with a cloud penetration services company for an assessment of your business’s online security? ‘Zero day vulnerabilities’ are explained as those unattended website details that were ignored during the development of the website. Once the website is launched and running, the owner tends to ignore reallocation of key directory files and many other sub-domain URLs, a practice that could be harmful to the business’s integrity.
b) Exploitation is a hacker’s favourite tool: Seeing today’s cloud security scenario, you should know that many websites are not actually hacked, but exposed through exploits. If the website is lacking security because of weak iFrame modules, improper implementation of user info security parameters, failure in redirecting users to secure pages, or the implementation of outdated SSL certificates, the attacker simply has to misuse that information – in other words, the process is called exploitation.
c) Technically incorrect: The third category actually involves brute force hacking. We are talking about password cracking, decryption, fuzzing and sending out information to servers. Such forms of hacking are most severe and highly dangerous for any Web business owner. In all scenarios, your best bet is to consult with a credible security services company to shield you from such unforeseen incidents in the near future.

SQL injection is also one of the major threats to a website. Does Defencely offer a specific solution to SQL injection attacks?

Fixing SQL injection is part of the bundled services that we provide at Defencely.com. Once we scan the website with our high-end scanners, we immediately come to know where there are higher chances of SQL injection on a client’s Web application; and as a remedy, we patch it immediately, to keep the client’s website secure from this threat.


