Posts

Remotely start... someone else’s car!

Probably the heading for this post was tricky enough to make anyone read through the following passage. But the truth is that I was able to execute this feat, SUCCESSFULLY! I am not from the hard-core hacker community or a penetration tester who tries his best to break an application. I just had to open the app on my mobile, tap a few screens and then voila, the German engine growls underneath the hood. Let’s get something straight here, I DID NOT:

- Reverse engineer the mobile app and manipulate the internal workings
- Execute a man-in-the-middle attack to snoop on the commands that the app was sending to the car
- Send a phishing email to the actual owner and track down the user credentials
- Hack the car company’s datacenter to gather sensitive details

Of course, the company in question is reputed enough to gain that trus...

Getting the basics right!


Threat Modelling Tools - Powerful & Free

Threat Modeling - Tools & Tips

Threat Modeling Tools: An effective threat modeling process requires us to document the critical data flows and present the results in an easy-to-understand format. Even though threat modeling is usually attributed to security assessments, we can leverage some of the tools that solution architects and developers already use in the development sphere. Below are a few examples of such tools:

- Swagger IO - Design, build, and document APIs in the cloud in a collaborative fashion
- JSON Editor - View and edit JSON files
- Draw IO - MS Visio clone with easy-to-use functions that saves in multiple formats
- Websequencediagram - UML sequence diagram tool that also produces whiteboard-style class brainstorm diagrams
- Lucidchart - Another MS Visio type application with mobile support
- Plant UML - The Swiss Army knife of sequence diagram tools

Web Technology - Tools and Tricks

Tags and WebTech

Web Technologies: Web technologies is a general term referring to the many languages and multimedia packages that are used in conjunction with one another to produce dynamic web sites such as this one. Each separate technology is fairly limited on its own, and tends to require the dual use of at least one other such technology. [ Source ]

Chrome extensions such as WASP.Inspector, Wappalyzer and Ghostery provide a wealth of information about what happens behind the scenes. Although built for analyzing the performance of a website, security professionals can use these tools to track the web tags, technologies and API calls a site relies on.

- WASP Inspector - Web Analytics Solution Profiler
- Wappalyzer - Identify technology on websites
- Ghostery - Privacy and security related browser extension

Cloud Security

Being Agile in the Security World

Disclaimer: Every attempt has been made to attribute the contents used in this post to their rightful owners. There is no attempt here to plagiarize the original work in any manner. In case of an unintended use of copyrighted material, the post will be immediately amended as appropriate. No pun intended.

ag·ile (ˈajəl), adjective

1. Able to move quickly and easily. - An expected trait of a security professional.
2. Relating to or denoting a method of project management, used especially for software development, that is characterized by the division of tasks into short phases of work and frequent reassessment and adaptation of plans. - The unwittingly favorite method of software development running amok through security folks.

The scope of this blog post is limited...

Tryst in the Middle of the East

Perceptions are plenty in our mind, about some things that we know and some that we don’t. My sojourn to the Arab world is one such thing. My priority was to change my job. Seldom did I realize that I was going to a different part of the world, a world unknown to my thoughts. “Han ji boliye, apko kahan jaana hai” (“Yes sir, tell me, where do you want to go”), was the voice that greeted me when I stepped out of the terminal. That was the least I had expected in Abu Dhabi. The handsome Pakistani drove me to my destination. I did not fail to tell him that he was the first person from across the border that I had ever spoken to. It was time to perform the duty for which I was paid to come here. I “walked” to my office, which was two streets across from the hotel where I stayed. Expecting some Europeans and local people, I was apprehensive about my communication abilities. But that was not the case. Just when I entered, I saw a familiar face coming towards me. He was from my first c...