excellium services

by mrahier96

Discovery of Cloud Native applications from an application security perspective

Context of the blog post

This article is based on my understanding of what a Cloud Native application is. This knowledge comes mainly from reading the following sources:

🎯 My goal was to try to identify which aspects of the security of an application change when an application is intended to be Cloud Native.

📍 From here, a Cloud Native Application will be called a CNA.

by mrahier96

Cloud Migration Challenges

One of the most widely used technologies today is cloud computing, where workloads are hosted by vendors and accessed via the Internet automatically, anytime and anywhere, without the provider’s interaction.

by mrahier96

Dnssecuritytxt: new security best practice or impractical good idea

If you are casually browsing for ways to improve your cyber security posture, you might not have come across dnssecuritytxt, and it’s understandable because it’s not very famous. But we took a look at it and wanted to share our opinion with you.

Security.txt and dnssecuritytxt

A few years ago, a concept called security.txt became popular in the online community after giants such as Google, Facebook or Dropbox started implementing it. This concept was nothing more than a .txt file that was placed in the /.well-known/ directory of a website. Its contents? Information about who to contact in case a bug is found, what the security policy of the company is, how to encrypt the proof of vulnerabilities before sending them over, and even a job page for those who might be interested. You can read this great article which goes more into the details of security.txt or you can visit our implementation of it to see what it looks like from the URL below:

by mrahier96

From Log4Shell to Text4Shell…

Context of the Log4Shell Vulnerability to Text4Shell

A year ago, the infamous “Log4Shell” vulnerability in the Log4J logging library of the Apache Logging Services was disclosed. This “Remote Code Execution” (RCE) vulnerability was widely publicized, as the component was widely used and exploiting the vulnerability was easy. Indeed, Log4Shell was more than just an RCE vulnerability. Depending on the way it was exploited, it could also be used for data exfiltration via protocols such as DNS.

by mrahier96

Manage your vulnerabilities through a Risk-based approach

The number of vulnerabilities is growing day by day due to technologies such as Web applications and Cloud Computing, which organizations are increasingly adopting, as well as teleworking. As a result, more assets are exposed and connected to the internet, and the attack surface of organizations keeps getting larger. In addition, hackers have shifted their focus from high to medium and low CVSS.
