
IDOR Vulnerabilities In Web Applications

IDOR Vulnerabilities in Web Applications (Insecure Direct Object Reference) – There’s a good chance they’re alive and well in your web applications. In this 10-minute video, Kyle and our friend and penetration testing expert Chris Centore (OSCP) explain what they are and why they’re so prevalent – and give a demonstration of how easy it is for hackers to exploit them. We also offer guidance on how to find and resolve them.
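To make the video's point concrete in code, the following is an added example, not code from the video or from KLC Consulting. It assumes a hypothetical invoice-lookup endpoint with sequential, guessable invoice ids (a constructed table), and shows the lookup that trusts the client-supplied id beside the same lookup bound to the authenticated user, an authorization regression check that tells the two apart, and a crude detection pass over constructed access-log lines that flags id enumeration.

```python
"""IDOR: object lookup keyed only on a client-supplied id versus the same
lookup bound to the authenticated user.  All records, ids and log lines
below are constructed for this example."""
import re
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Invoice:
    invoice_id: int
    owner_id: int
    amount_cents: int


# Constructed sample table. Sequential ids are the usual precondition for
# an IDOR: a caller who sees 1001 can trivially ask for 1002.
INVOICES = {
    1001: Invoice(1001, owner_id=7, amount_cents=12_000),
    1002: Invoice(1002, owner_id=8, amount_cents=99_000),
}


class NotFound(Exception):
    pass


def get_invoice_vulnerable(requesting_user_id, invoice_id):
    """Vulnerable: the id from the request selects the record directly and
    the caller's identity is never compared with the record's owner."""
    try:
        return INVOICES[invoice_id]
    except KeyError:
        raise NotFound(invoice_id)


def get_invoice_hardened(requesting_user_id, invoice_id):
    """Hardened: ownership is enforced at the data-access layer.  'Missing'
    and 'not yours' produce the same error so the response does not
    confirm which ids exist."""
    inv = INVOICES.get(invoice_id)
    if inv is None or inv.owner_id != requesting_user_id:
        raise NotFound(invoice_id)
    return inv


def readable_invoices(handler, user_id, candidate_ids):
    """Authorization regression check: which candidate ids can this user
    read through the given handler?  A correct handler returns only the
    user's own records, so this belongs in the test suite of any endpoint
    that takes an object id."""
    readable = []
    for inv_id in candidate_ids:
        try:
            handler(user_id, inv_id)
            readable.append(inv_id)
        except NotFound:
            pass
    return readable


# Hypothetical access-log format, constructed for the detection pass.
LOG_PATTERN = re.compile(r"user=(\d+) invoice=(\d+) status=(\d+)")

SAMPLE_LOG = [  # constructed
    "user=7 invoice=1001 status=200",
    "user=7 invoice=1002 status=200",
    "user=7 invoice=1003 status=404",
    "user=7 invoice=1004 status=404",
    "user=8 invoice=1002 status=200",
]


def flag_enumeration(log_lines, threshold=3):
    """Flag users whose requests touched more than `threshold` distinct
    invoice ids.  On an endpoint that should serve one user's handful of
    records, a burst of distinct ids (successful or 404) is a simple
    indicator of id enumeration worth alerting on."""
    seen = defaultdict(set)
    for line in log_lines:
        m = LOG_PATTERN.search(line)
        if m:
            seen[int(m.group(1))].add(int(m.group(2)))
    return sorted(u for u, ids in seen.items() if len(ids) > threshold)


if __name__ == "__main__":
    ids = [1001, 1002, 1003]
    print("vulnerable, user 7 reads:", readable_invoices(get_invoice_vulnerable, 7, ids))
    print("hardened,   user 7 reads:", readable_invoices(get_invoice_hardened, 7, ids))
    print("users flagged for enumeration:", flag_enumeration(SAMPLE_LOG))
```

The fix is not to hide or randomize the id (that only raises the cost of guessing) but to make every object lookup carry the caller's identity into the query, as `get_invoice_hardened` does; `readable_invoices` is the check that keeps it that way after the next refactor.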


For additional information please see our PDF file available for download at:

Hacking Web Applications and APIs

Also, please visit our Channel for free helpful information on how to strengthen your cybersecurity posture, reduce risk of data breach and personal identity theft – and LIKE and SUBSCRIBE!

https://www.youtube.com/channel/UC7YHBN8MC2T2sVB411jC79Q

And please visit us on

https://www.linkedin.com/organization-guest/company/klc-consulting-inc/

We have related video discussion for you about Current Trends in Vulnerabilities:

Current Trends in Data Breaches

For more information contact Paul Casassa, Director of Operations at (617) 314-9721 x158. Thank you!

Hacking Web Applications and APIs

This presentation focuses on how to prevent cybercriminals from hacking web applications and APIs: why are they difficult to secure? What are the trends and risks from these attacks? And how do we improve application security and reduce risk?

Please download the pdf here:

https://klcconsulting.net/wp-content/uploads/2020/07/Hacking-Web-Apps-and-APIs-Trend-and-Risk-v3.1pdf

CISO Platform Virtual Summit, 17-18 July, 2020

This presentation was given by Kyle Lai at the CISO Platform Virtual Summit. The event was watched by over 1,600 attendees.

The Verizon Data Breach Investigation Report (DBIR) 2020 shows that web applications make up 90% of the attack vectors used by hackers. Web applications and APIs are becoming increasingly complex with cloud, modern authentication, DevOps, containers, open-source libraries and other components. And hackers are preying on your application security mistakes!

This article gives thought leadership about how to prevent cybercriminals from hacking web applications and APIs.

And to watch our discussion analysis of threat trends from the Verizon 2020 DBIR (Data Breach Investigation Report) please click here:


And for additional information on IDOR Vulnerabilities in Web Applications and APIs, please check out our discussion video:


Secure Your Home Office Network

People are working remotely from home because of the COVID-19 pandemic. But have you opened a door for hackers to steal your personal identity? Most likely you have! We can help: in this video we show you how to secure your Home Office network.

• Where Home Office networks are unsecure.
• How computer hackers find victims.
• The ways hackers exploit these new opportunities.
• And why software solutions alone are not enough.

We tell you how to secure your Home Office network so you won’t fall victim to personal identity theft and you will help your company protect its confidential information and Intellectual Property.

https://klcconsulting.net/services/secure-it-network-cloud-network-and-wireless-network-design-cloud-migration/

The COVID-19 pandemic has caused a migration of employees from the workplace to working from home, which has also changed cybersecurity for companies and employees.

Many companies had only limited acceptance of a Work From Home culture. IT staff were overwhelmed; many lacked bandwidth, capability, adequate policies and procedures, and employee training programs. The initial top priority was to restore employee productivity by quickly establishing Work From Home capability. Information security and protection of intellectual property received diminished priority. Companies are now working to restore their cybersecurity posture.

Typical Security Deficiencies in Home/Home-Office Networks:

1. No channel segregation in the WiFi router between business and personal use.
2. WiFi routers have out-of-date firmware and lack security patch updates.
3. Home computers and IoT devices infected with freeware, malware and spyware.
4. Home devices not patched with the latest updates (both Windows and Apple devices).
5. Home WiFi networks aren’t secured (password protected).
6. No passwords or weak passwords.
7. Windows operating system security patch updates not being applied.
8. Privacy settings for webcams and microphones are left at unsecure default settings.
9. No routine data backup.
10. Parents allow children to use business devices for personal use.

How Hackers Exploit Company Networks through Unsecure Home/Home-Office Networks:

1. Unsecure devices are the easiest point of attack.
2. Devices lacking recent security patches are especially vulnerable.
3. Phishing scams with COVID-19 pandemic and Federal Government financial relief program themes are popular exploits.
4. Hackers inject virus and malware infections through phishing and malicious freeware/spyware downloads.
5. Ransomware encrypts a victim’s hard drive to extort a cryptocurrency payment in exchange for the decryption key.
6. Hacking of cameras and microphones to steal confidential information.
7. Weak passwords are easily broken.

How hackers steal Personal Identity:

1. Weak passwords and lack of two-factor authentication (2FA) lead to compromise of other online accounts, including banking, investment and social media.
2. If a C-level executive’s social media account is hijacked, a hacker can make misleading statements to adversely manipulate the company’s stock value.
3. Compromise of online gaming accounts allows fraudulent online purchases.
4. Theft of cryptocurrency wallets.

How hackers select a target:

1. Most often they indiscriminately scan the internet in search of the easiest target.
2. They selectively target high-profile public people through Internet and social media searches.
3. They utilize vulnerability scanning tools widely available on the internet or purchased through the Dark Web.
4. Hackers are available for hire on the Dark Web.

Threat detection software, endpoint solutions and even AI enhanced solutions aren’t enough to prevent data hacking:

1. Data security is about people, process and technology.
2. Companies need to conduct periodic security assessments to ensure policies are working effectively.
3. Perform vulnerability assessments and penetration tests to determine if software solutions are effectively blocking attacks.
4. Conduct social engineering testing to determine employee readiness to avoid phishing attacks.
5. Provide ongoing employee training about the latest phishing and security threats.

Our recommendations to improve security of Home/Home-Office networks:

1. Update WiFi router firmware or replace the router with a new model.
2. Install antivirus software on all Windows and Apple devices; keep it up to date.
3. Update operating systems on all Windows and Apple devices, including mobile devices.
4. Don’t click on email links when you don’t know the sender.
5. Confirm the legitimacy of a sender you know by verifying their email address.
6. Don’t share company laptops with family members. Separate business assets from personal assets.
7. Lock the screen when stepping away from your desk.
8. Notify your corporate/outsourced IT provider when a virus or malware strikes.
9. Segregate the home WiFi network into distinct business production and guest use segments.
10. Consider upgrading to a more secure business-grade firewall.
11. Check with your Internet Service Provider about free antivirus software.


We provide secure network and secure home office network design services.


And please also check us out on

https://www.linkedin.com/company/klc-consulting-inc-

