Skip to main content

Posts

Cyber Security Best Practice for daily use

Below are some of observations and Cyber security best practices for daily use. If you are secure,  safe and healthy so you can make others as well. What we practice everyday it becomes our habit.  if you follow some basic and standard practice which may avoid some possible damage or loss. Email ID and Mobile Number:   Manage separate Email-Id and mobile number for your banking and such important activities, avoid sharing this Email-Id with anyone. Login to such email id in separate browser or use incognito mode.  Opt for second factor authentication for your personal email id, banking to add extra layer of security.  Use of basic phone for banking mobile number (SIM card).  Banking: Avoid sharing banking, bank account details.  Avoid storing card pin, card number, CVV number, banking details or banking cerdentials on insecure file or storage.  Make a habit of changing banking password more frequently.  Deactivate unused or inactive credit card, Debit Card.  Ava
Recent posts

Product/Application/ Software Security Testing

Product/Application/ Software Security Testing Application Security testing is the process to find security issues or security vulnerability in the application using automated and manual security scanner tools and share the identified issues or risk with development or application team. Process will remain mostly same in all the different types of application security scan. Before initiating security scan, its always good to identify the boundary and scope of your security testing.  Below are the few example of which we can consider as Application or software. ( Scope for Application Security Testing) Web Application, Portal. Web API. Desktop Software / Thick Client. Mobile Application. Web Services.  Plug in, Add-On The goal of application security is to secure the application and prevent the unwanted damaged. The process of performing security scan or audit is know as ASA (Application Security Assessment). Generally there are three types of ASA, SAST, DAST and PT. 

Generate new token on each request in MVC Ajax post call (Custom Code)

Generate new token on each request in MVC Ajax post call (Custom Code) Step: 1 In controller add below Code to generate new random token and store it in the session protected string GenerateCSRFToken() {   RandomNumberGenerator rng = new RNGCryptoServiceProvider ( "Add Your Salt String" );   var tokenData = new byte [64];  rng.GetBytes(tokenData);   var token = Convert .ToBase64String(tokenData);  Session[ "CSRFtoken" ] = token.Trim();  return token; } Step: 2 In controller generate new token and pass it to view using ViewData. public ActionResult Index() {  ViewData[ "CSRFtoken" ] = GenerateCSRFToken();  return View(); } Step: 3 In View create hidden field and assign ViewData value to it. < input type ="hidden" value =" @ ViewData[ "CSRFtoken" ] " id ="hdnCSRFtoken" /> Step: 4 In View read and pass the hidden field value as method parameter/

Password Protected File Validation for(.doc/.docx/.xls/.xlsx/.pdf) file types

Password Protected File Validation for(.doc/.docx/.xls/.xlsx/.pdf) file types protected void btnUpload_Click( object sender, EventArgs e)         {             //Check if File Upload control has file or not             if (FileUpload1.HasFile)             {                 //Get Uploaded file bytes                 var bytes = FileUpload1.FileBytes;                 //Get Uploaded File Extension                 FileInfo objFileInfo = new FileInfo (FileUpload1.FileName);                 string StrFileExt = objFileInfo.Extension.ToUpper();                                 //Based on the File extension call appropriate user defined method.                 //For PDF file type                 if (StrFileExt == ".PDF" )                 {                     //Upload and save file in server temp folder                     var newfilename = DateTime .Now.GetHashCode() + FileUpload1.FileName;                     FileUpload1.SaveAs(Syst