Skip to main content


Showing posts from April, 2019

Web Application Firewall (WAF) testing Framework

Dear Information Security Hero's, I planned to share some tools which really help you while implementing WAF. Sometime after completing the installation customer will ask "I did not see any attacks, is your WAF working fine ?? " So, to avoid this kind of question, Use the below tool that enables you to evaluate the security efficacy of your web application security solution Unlike other application scanners, which only check for vulnerabilities, it generates both legitimate traffic and attacks traffic to determine if your security solution stops attacks without blocking valid requests. Here only providing top tools only... LightBulb Framework The framework consists of two main algorithms: GOFA: An active learning algorithm that infers symbolic representations of automata in the standard membership/equivalence query model. Active learning algorithms permit the analysis of filter and sanitizer programs remotely, i.e. given only the ability to query the targeted p  Microsoft

Security Automation and Orchestration (SOAR) success and Best Practice

What is security automation and orchestration?   Gartner defines SOAR solutions as "technologies that enable organizations to collect security threats data and alerts from different sources, where incident analysis and triage can be performed leveraging a combination of human and machine power to help define, prioritize and drive standardized incident response activities according to a standard workflow." It adds, "SOAR tools allow an organization to define incident analysis and response procedures (aka plays in a security operations playbook) in a digital workflow format, such that a range of machine-driven activities can be automated . " Security automation – the use of information technology in place of manual processes for cyber incident response and security event management.  Security orchestration – the integration of security and information technology tools designed to streamline processes and drive security automation. Measuring automation success   The