Category : News Technology

What is OWASP and the OWASP Top 10?

The Open Web Application Security Project (OWASP) is a non-profit organization dedicated to providing unbiased, practical information about application security. The OWASP Top 10 Web Application Security Risks was updated in 2017 to provide guidance to developers and security professionals on the most critical vulnerabilities that are commonly found in web applications, which are also easy to exploit. These 10 application risks are dangerous because they may allow attackers to plant malware, steal data, or completely take over your computers or web servers.

OWASP Top 10 Web Application Security Risks:

Although we detect hundreds of software security flaws, we keep a razor-sharp focus on finding the problems that are “worth fixing.” The OWASP Top 10 is a list of flaws so prevalent and severe that no web application should be delivered to customers without some evidence that the software does not contain these errors.

The following identifies each of the OWASP Top 10 Web Application Security Risks, and offers solutions and best practices to prevent or remediate them.

1. Injection

Injection flaws, such as SQL injection, LDAP injection, and CRLF injection, occur when an attacker sends untrusted data to an interpreter, which executes it as a command without proper authorization.

* Application security testing can easily detect injection flaws. Developers should use parameterized queries when coding to prevent injection flaws.

2. Broken Authentication and Session Management

Incorrectly configured user and session authentication could allow attackers to compromise passwords, keys, or session tokens, or take control of users’ accounts to assume their identities.

* Multi-factor authentication, such as FIDO or dedicated apps, reduces the risk of compromised accounts.

3. Sensitive Data Exposure

Applications and APIs that don’t properly protect sensitive data such as financial data, usernames and passwords, or health information, could enable attackers to access such information to commit fraud or steal identities.

* Encryption of data at rest and in transit can help you comply with data protection regulations.

4. XML External Entity

Poorly configured XML processors evaluate external entity references within XML documents. Attackers can use external entities for attacks including remote code execution, and to disclose internal files and SMB file shares.

* Static application security testing (SAST) can discover this issue by inspecting dependencies and configuration.

5. Broken Access Control

Improperly configured or missing restrictions on authenticated users allow them to access unauthorized functionality or data, such as accessing other users’ accounts, viewing sensitive documents, and modifying data and access rights.

* Penetration testing is essential for detecting non-functional access controls; other testing methods only detect where access controls are missing.

6. Security Misconfiguration

This risk refers to improper implementation of controls intended to keep application data safe, such as misconfiguration of security headers, error messages containing sensitive information (information leakage), and not patching or upgrading systems, frameworks, and components.

* Dynamic application security testing (DAST) can detect misconfigurations, such as leaky APIs.
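A check of the kind a DAST tool runs for the header and information-leakage cases named above, as an added example that is not part of the original article. The baseline of required headers and the function name are assumptions chosen for illustration, and both sample responses are constructed.

```python
import re

# Assumed baseline of response headers a hardened site should send.
REQUIRED = {
    "strict-transport-security",
    "content-security-policy",
    "x-content-type-options",
    "x-frame-options",
}
# Headers that commonly disclose the software stack.
LEAKY = {"server", "x-powered-by", "x-aspnet-version"}

def audit_headers(headers):
    """Return a sorted list of findings for one response's headers."""
    seen = {k.lower(): v for k, v in headers.items()}
    findings = [f"missing: {h}" for h in REQUIRED if h not in seen]
    for h in LEAKY.intersection(seen):
        # A bare product name in Server is tolerated; a version number is reported.
        if h != "server" or re.search(r"\d", seen[h]):
            findings.append(f"discloses: {h}={seen[h]}")
    # The only valid value for this header is "nosniff".
    if seen.get("x-content-type-options", "nosniff").lower() != "nosniff":
        findings.append("weak: x-content-type-options should be nosniff")
    return sorted(findings)

# Constructed sample responses (not captured from any real site).
WEAK = {
    "Server": "Apache/2.4.1 (Unix)",
    "X-Powered-By": "PHP/5.6.0",
    "Content-Type": "text/html",
}
HARDENED = {
    "Server": "nginx",
    "Strict-Transport-Security": "max-age=31536000; includeSubDomains",
    "Content-Security-Policy": "default-src 'self'",
    "X-Content-Type-Options": "nosniff",
    "X-Frame-Options": "DENY",
}

if __name__ == "__main__":
    for label, response in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit_headers(response))
```
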

7. Cross-Site Scripting

Cross-site scripting (XSS) flaws give attackers the capability to inject client-side scripts into the application, for example, to redirect users to malicious websites.

* Developer training complements security testing to help programmers prevent cross-site scripting with coding best practices, such as encoding data and input validation.

8. Insecure Deserialization

Insecure deserialization flaws can enable an attacker to execute code in the application remotely, tamper with or delete serialized (written to disk) objects, conduct injection attacks, and elevate privileges.

* Application security tools can detect deserialization flaws, but penetration testing is frequently needed to validate the problem.

9. Using Components With Known Vulnerabilities

Developers frequently don’t know which open source and third-party components are in their applications, making it difficult to update components when new vulnerabilities are discovered. Attackers can exploit an insecure component to take over the server or steal sensitive data.

* Software composition analysis conducted at the same time as static analysis can identify insecure versions of components.

10. Insufficient Logging and Monitoring

The time to detect a breach is frequently measured in weeks or months. Insufficient logging and ineffective integration with security incident response systems allow attackers to pivot to other systems and maintain persistent threats.

* Think like an attacker and use pen testing to find out if you have sufficient monitoring; examine your logs after pen testing.

Management Programme for Women Entrepreneurs (MPWE-2015)

Category : NSRCEL at IIMB

MANAGEMENT PROGRAMME FOR WOMEN ENTREPRENEURS

The Indian Institute of Management Bangalore (IIMB) announces its 12th Management Programme for Women Entrepreneurs (MPWE) to be held at the Institute from April 27, 2015 – May 16, 2015. Coordinated by the NS Raghavan Centre for Entrepreneurial Learning, this comprehensive program enables aspiring women entrepreneurs to convert their raw business ideas into viable business plans. It also empowers women entrepreneurs with existing businesses and / or social enterprises to grow further. Over the last decade, the program has helped create new ventures as well as lifted ongoing businesses to the next level.

The MPWE 2015 will be inaugurated on April 27, 2015 at 9:00 am.
Classes will be held from Monday to Saturday.
[Class timings: Monday-Friday from 9 am – 5.00 pm & Saturdays from 9 am – 1.15 pm]

Management Programme for Entrepreneurs and Family Businesses (MPEFB-9)

Category : NSRCEL at IIMB

Entrepreneurship in the business context is the process of creating or spotting a business opportunity, making substantial investment, often more than the financial resources available with the entrepreneur, formulating strategy to expand the business and continuously repeating the opportunity-investment-expansion cycle. Entrepreneurs at different points of their entrepreneurial journey are directly involved in managing the business, and hence a broader understanding of business management is useful. A family business is an existing business built by family members who were entrepreneurs at some point in the past. The opportunity-investment-expansion cycle is also relevant for family businesses. Since family members directly participate in the management of the business, a broader knowledge of business management is useful in running a successful family business. Management Programme for Entrepreneurship and Family Businesses (MPEFB) aims to provide inputs that are relevant for entrepreneurs and members of family businesses in creating and managing new as well as existing businesses.

India, with its changing economic environment, demography, lifestyle and economic development, provides great business opportunities for entrepreneurs. Despite not-so-healthy global economic conditions, India is still attractive for many overseas companies to source services and components which are globally competitive on both cost and quality. Entrepreneurial activity has increased dramatically in India, and family businesses have been growing equally in the last few years. Since most entrepreneurs and new entrants of family businesses have no experience in managing a business, MPEFB gives them an opportunity to learn fundamental principles of managing businesses that are relevant to this group from one of India’s top business schools. The programme is offered by the Nadathur S Raghavan Centre for Entrepreneurial Learning (NSRCEL) of IIM Bangalore. All successful candidates would be awarded a certificate issued by IIM Bangalore.



Category : NSRCEL at IIMB



Converting a business idea into a successful business calls for a great deal of planning and careful execution, and having a mentor during this process can give a fledgling entrepreneur an edge. If you have a great idea and an entrepreneurial streak, with an appetite for high achievement and a willingness to take risks, the N S Raghavan Centre for Entrepreneurial Learning (NSRCEL) is the place for you. NSRCEL’s mission is to take ideas to implementation through a structured mentoring programme that helps entrepreneurs create successful business entities out of excellent ideas.
