White Papers
- API Security: Threats, Best Practices, Challenges, and Way forward using AI -- by CSIRT-Fin, CERT-In and Mastercard -> CIWP-2023-0001
An Application Programming Interface (API) is a data connection that allows data to be shared with other applications. APIs can be viewed as digital middlemen between organisations/enterprises and platforms that need to access data to drive innovation, increase reach, discover new business models, increase their partner network, etc.
Guidelines
- Guidelines for Secure Application Design, Development, Implementation & Operations
- Guidelines on Information Security Practices for Government Entities
One of the key reasons for vulnerabilities in applications is the lack of secure design, development, implementation, and operations. Relying solely on post-development audits for security is inadequate.
Best Practices
- Digital Payment Suraksha
- Security for personal computer
- Security Tips for common users
- Infosecawareness.in
Security Advisory (SA)
- CSKSA-01: DDOS amplification attack vulnerability in exposed NTP mode 6
- CSKSA-02: Sensitive Data exposure by SSL 3.0 Protocol Vulnerability and POODLE Attack
- CSKSA-03: DDOS vulnerability leading to DNS Amplification attack in open dns resolver
- CSKSA-04: DDOS vulnerability and UDP amplification attacks in open netbios service
- CSKSA-05: Information disclosure vulnerability in misconfigured/open NAT-PMP
- CSKSA-06: DoS/DDoS attacks using Open SNMP Vulnerability
- CSKSA-07: Unauthenticated access and UDP Amplification attack vulnerability in open MSSQL
- CSKSA-08: Sensitive Data exposure and DDoS attack vulnerability in misconfigured Memcached
- CSKSA-09: DDoS reflection attack vulnerability in exposed portmapper service