~/Cedric

Cedric is a member since Fri May 18 09:53:17 2018 and is the creator of the following object(s):

No definition of responsibilities Vulnerabilities
Are security responsibilities defined? Are they formal? Are there double responsibilities? Is the four-eyes principle applied?
MITRE ATT&CK - Mobile Mitigations Recommendations
Mobile Mitigations from MITRE ATT&CK® © 2020 The MITRE Corporation. This work is reproduced and distributed with the permission of The MITRE Corporation.
Coronavirus: COVID-19 Recommendations
Remommendations for Coronavirus: COVID-19, inspired from gouvernement.lu/coronavirus.
Preventive Measure Recommendations
Preventive measures based on the ransomware document overview as published in https://docs.google.com/spreadsheets/d/1TWS238xacAto-fLKh1n5uTsdijWdCEsGIM0Y0Hvmc5g/pubhtml# . The preventive measures are quite generic and can fit any standard Windows infrastructure and their security measures.
ANSSI-LU - KPI et Recommandations Recommendations
ANSSI-LU - KPI et Recommandations
A03:2021 – Injection Vulnerabilities
Some of the more common injections are SQL, NoSQL, OS command, Object Relational Mapping (ORM), LDAP, and Expression Language (EL) or Object Graph Navigation Library (OGNL) injection. The concept is identical among all interpreters. Source code review is the best method of detecting if applications are vulnerable to injections. Automated testing of all parameters, headers, URL, cookies, JSON, SOAP, and XML data inputs is strongly encouraged. Organizations can include the static source (SAST) and dynamic application test (DAST) tools into the CI/CD pipeline to identify introduced injection flaws before production deployment.
A10:2021 – Server-Side Request Forgery (SSRF) Vulnerabilities
SSRF flaws occur whenever a web application is fetching a remote resource without validating the user-supplied URL. It allows an attacker to coerce the application to send a crafted request to an unexpected destination, even when protected by a firewall, VPN, or another type of network ACL.
A07:2021 – Identification and Authentication Failures Vulnerabilities
Confirmation of the user's identity, authentication, and session management is critical to protect against authentication-related attacks.
A04:2021 – Insecure Design Vulnerabilities
Insecure design is a broad category representing many different weaknesses, expressed as “missing or ineffective control design.” Missing insecure design is where a control is absent. For example, imagine code that should be encrypting sensitive data, but there is no method. Ineffective insecure design is where a threat could be realized, but insufficient domain (business) logic validation prevents the action. For example, imagine domain logic that is supposed to process pandemic tax relief based upon income brackets but does not validate that all inputs are correctly signed and provides a much more significant relief benefit than should be granted.
ISO/IEC 27002 [2013][de] Security referentials
ISO/IEC 27002:2013 controls
displaying 5061 - 5070 objects in total 5075