Search found 314 matches

by Rajkumar
Wed Aug 14, 2019 2:42 pm
Forum: Web Security
Topic: What is you preferred - Bug bounty or security testing?
Replies: 0
Views: 86

What is you preferred - Bug bounty or security testing?

Both are fine, just support your answer like Bug Bounty is decentralised, can identify rare bugs, large pool of testers etc.
by Rajkumar
Wed Aug 14, 2019 2:41 pm
Forum: Web Security
Topic: What are your thoughts about Blue team and red team?
Replies: 0
Views: 53

What are your thoughts about Blue team and red team?

Red team is the attacker and blue team the defender. Being on the red team seems fun but being in the blue team is difficult as you need to understand the attacks and methodologies the red team may follow.
by Rajkumar
Wed Aug 14, 2019 2:40 pm
Forum: Web Security
Topic: Software testing vs. penetration testing?
Replies: 0
Views: 54

Software testing vs. penetration testing?

Software testing just focuses on the functionality of the software and not the security aspect. A penetration testing will help identify and address the security vulnerabilities.
by Rajkumar
Wed Aug 14, 2019 2:39 pm
Forum: Web Security
Topic: Which one is more acceptable?
Replies: 0
Views: 57

Which one is more acceptable?

False positives are more acceptable. False negatives will lead to intrusions happening without getting noticed.
by Rajkumar
Wed Aug 14, 2019 2:38 pm
Forum: Web Security
Topic: What is a false positive and false negative in case of IDS?
Replies: 0
Views: 59

What is a false positive and false negative in case of IDS?

When the device generated an alert for an intrusion which has actually not happened: this is false positive and if the device has not generated any alert and the intrusion has actually happened, this is the case of a false negative.
by Rajkumar
Wed Aug 14, 2019 2:37 pm
Forum: Web Security
Topic: How do you handle AntiVirus alerts?
Replies: 0
Views: 55

How do you handle AntiVirus alerts?

Check the policy for the AV and then the alert. If the alert is for a legitimate file then it can be whitelisted and if this is malicious file then it can be quarantined/deleted. The hash of the file can be checked for reputation on various websites like virustotal, malwares.com etc. AV needs to be ...
by Rajkumar
Wed Aug 14, 2019 2:37 pm
Forum: Web Security
Topic: What is the difference between policies, processes and guidelines?
Replies: 0
Views: 50

What is the difference between policies, processes and guidelines?

As security policy defines the security objectives and the security framework of an organisation. A process is a detailed step by step how to document that specifies the exact action which will be necessary to implement important security mechanism. Guidelines are recommendations which can be custom...
by Rajkumar
Wed Aug 14, 2019 2:36 pm
Forum: Web Security
Topic: How does a Process Audit go?
Replies: 0
Views: 57

How does a Process Audit go?

The first thing to do is to identify the scope of the audit followed by a document of the process. Study the document carefully and then identify the areas which you consider are weak. The company might have compensatory controls in place. Verify they are enough.
by Rajkumar
Wed Aug 14, 2019 2:35 pm
Forum: Web Security
Topic: How do you govern various security objects?
Replies: 0
Views: 61

How do you govern various security objects?

Various security objects are governed with the help of KPI (Key Performance Indicators). Let us take the example of windows patch, agreed KPI can be 99%. It means that 99% of the PCs will have the latest or last month’s patch. On similar lines various security objects can be managed.
by Rajkumar
Wed Aug 14, 2019 2:32 pm
Forum: Web Security
Topic: How often should Patch management be performed?
Replies: 0
Views: 52

How often should Patch management be performed?

Patch should be managed as soon as it gets released. For windows – patches released every second Tuesday of the month by Microsoft. It should be applied to all machines not later than 1 month. Same is for network devices, patch as soon as it gets released. Follow a proper patch management process.