IN the agile world, where continuous iteration of development and testing happens throughout the SDLC (software development lifecycle), where there is a constant collaboration with stakeholders and continuous improvement and iteration happening at every stage, and also where development of features takes place at the rapid pace. This all makes the chances of potential security loopholes to be more and more real.


Image Credit — keycdn.com

It looks like this year has great promises at least the starting is good. Already 3 bug bounty in the pipeline(just showing off:P) and learned a nice methodology which laid down the opportunity for me to write and share this writeup with everyone. The best thing about being a part time bug bounty hunter is the learnings that it gives.


Hi Guys,

As everything starts with a bit of recon, I ran a…


The increased adoption of containers has given rise to a wide range of potential threats to microservices apps that run in containers. If you are working in an organization and your workload is over containers then this blog is more targeted for you. This is about how effectively you can secure containers by not just following a structured and more specific threat modeling approach but focussing on introducing tools at different stages of the model to prevent container security issues before you actually ship them.

Threat modeling is a structured process through which IT pros can identify potential security threats…


SECURITY

Security shouldn’t be treated as an after-thought

Design by Asif Jamal

When it comes to security, we always take it as the utmost priority. We strongly believe that “Security shouldn’t be treated as an after-thought”, it should be brought as close to engineers and as early in SDLC.


Work-from-home culture slowly becoming a norm

With work-from-home culture slowly becoming a norm, IT companies around the globe are bringing in various new developments in its team engagement tools to cater to such needs and also to compete with every increasing popularity of Zoom.


Never leave your docker registry publicly exposed! Recently, I have been exploring dockers a lot in search of misconfigurations that organizations inadvertently make and end up exposing critical services to the internet. In continuation of my last blog where I talked about how a misconfiguration of leaving a docker host/docker APIs public can leak critical assets, here I’ll be emphasizing on how shodan led me to dozens of “misconfigured” docker registries and how I penetrated one of them.

Refining Shodan Search

I tried a couple of search filters to find out publicly exposed docker registry on shodan -

  1. port:5001 200 OK
  2. port:5000 docker…


Never leave your docker host publicly exposed!

For the last couple of months, I have been exploring various concepts of container security both from the perspective of attacking a container and defending the same. Containers have already taken a big space in the market. According to Docker, over 3.5 million applications have been placed in containers using Docker technology and over 37 billion containerized applications have been downloaded. One of the biggest advantages it brings is Modernizing Traditional Apps whether its a monolithic architecture or microservices. Moving to the containerized application brings its own security risk. I will be discussing in detail the various attack and defense…


This blog is posted with the intention of a wake up call for the government to improve and strengthen its commitment towards responsible data practices and helps to highlight the below par security standards in the IT industry and bring to the attention, the importance of security and spread awareness among companies and government to take information security as importantly as any other branch. This blog is published informing both CERT-In and NCIIPC team multiple times.

During my journey to spread security awareness among Indian tech companies including private and government sectors and also in the wake of a recent…


A comprehensive blog by our security team explaining our in-house solution to deal with DNS outages

Design by Asif Jamal

Cloudflare is one of the most popular DNS and CDN service provider currently used by over 16 million internet sites. Every day, these sites utilize Cloudflare’s services for performance enhancement, DDoS mitigation, and more.

Avinash Jain (@logicbomb)

Lead Infrastructure Security Engineer | DevSecOps | Speaker | Breaking stuff to learn | Featured in Forbes, BBC| Acknowledged by Google, NASA, Yahoo, UN etc

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store