Security Architecture Review Of A Cloud Native Environment

September 22, 2020

Overview

Due to its massive adoption, cloud computing has become a critical component for every enterprise. A large number of organisations want to migrate to the cloud; however, its security posture is still a blind spot for many of them. Nevertheless, we have seen a big rise in the number of requests…

Semgrep A Practical Introduction

August 13, 2020

Static Application Security Testing, or SAST, is a testing methodology that analyses application source code to identify security vulnerabilities (such as, but not limited to, injection vulnerabilities, insecure functions and cryptographic weaknesses). Typically, SAST includes both manual and automated testing techniques, which complement each other. In this…

Continuous Security Monitoring using ModSecurity & ELK

June 22, 2020

Recently, NotSoSecure got an opportunity to explore the working of monitoring and alerting systems as part of a project. In this blog post, Anand Tiwari will talk about his experience and the challenges faced while setting up one such monitoring and alerting system.

Insufficient Logging and Monitoring

In 2017, OWASP introduced…

Exploiting VLAN Double Tagging

April 17, 2020

We have all heard about VLAN double tagging attacks for a long time now. There have been many references, and even a single-packet proof of concept, for the VLAN double tagging attack, but none of them showcase a weaponized attack. In this blog Amish Patadiya will use VLAN double tagging…

Automating Pentests for Applications with Integrity Checks using Burp Suite Custom Extension

March 17, 2020

During one of our recent web application penetration testing assignments, @realsanjay encountered a scenario where the application employed an integrity check on HTTP request content. The integrity check was maintained using a custom HTTP header that stored the HMAC of the HTTP request content, keyed on session-specific CSRF tokens. Any modification…