Risky Context

Sign in Subscribe

6 places to look into when auditing or assessing risks in and around Web Application Firewall (WAF)

6 places to look into when auditing or assessing risks in and around Web Application Firewall (WAF)

Web Application Firewall (WAF) has become a security imperative and absence of a WAF gets raised as a risk or an audit finding. However, many auditors and risk assessors miss some or all of the below 6 important areas related to WAF. So, here they are.

Vulnerability, Control, and Risk are not same

where-is-the-risk

Vulnerability, Control, and Risk are not same

As Pentester, auditor, or risk assessor, it is important to understand difference

Offense is not the sexiest game in town, defense is...

Offense is not the sexiest game in town, defense is...

To all those system and network administrators out there, who are thinking of jumping onto the infosec bandwagon, pentesting style because of the glamour quotient, remember - defense is better than offense. Read on...

Are you a top-down or bottoms-up person? it will matter while switching career in cybersecurity

Are you a top-down or bottoms-up person? it will matter while switching career in cybersecurity

Are you a top-down or bottom-up person? Answer to this question will be important if you are thinking about a switch into cybersecurity or move laterally within cybersecurity. Read on.

Who am I...

Who am I...

I am an information security professional. I have some scary certifications that make people think highly of me till i open my mouth. Well…. This personal site / blog is my attempt to write about information security the way I want.

'Lack of CAPTCHA' is not always a valid vulnerability or risk

where-is-the-risk

'Lack of CAPTCHA' is not always a valid vulnerability or risk

CAPTCHA is a valid security control. However, lack of it may not be a valid vulnerability in all cases and 'lack of CAPTCHA' is definitely not a risk. May be part of risk.

Risks of a cybersecurity career

Risks of a cybersecurity career

Cybersecurity is one of buzz-words promising the la-la land these days. Everyone is running towards it. However, it will help if one is aware of the 2 big risks.

A Day in a Pen-tester’s life

A Day in a Pen-tester’s life

My 2 cents on a day in a pentester's life, from the vantage point of someone who does it (sometimes) but observes it (a lot). TLDR - it is not all pentesting!

Do not kill your pentester for little or no value-add

Do not kill your pentester for little or no value-add

How to get more value out of a pentest.

External Network VAPT: tools, information sources

This is a live post; it will undergo changes, which are captured in change log, provided at the end of this post.

How to download Nessus Pro using cURL…

assuming you have a valid account with tenable and have paid for your license.

How should a CISO deal with XSS?

I got many comments (thank you, everyone, as I learnt a lot) for my article that I published some time back.