Information Security Archives

The Future of Server-less Security in 2025: From Logs to Runtime Protection

22 January 2025 by

Serverless computing is a cloud computing execution model where cloud providers automatically manage the infrastructure, including servers, for applications. This allows developers to focus on writing code and deploying applications without worrying about provisioning, scaling, or maintaining servers. Despite the name, “serverless” does not mean there are no servers involved; it simply means that the management of these servers is abstracted away from the developer.

A Comprehensive Guide to VPN Protocols for Information Security Architects

21 January 202521 January 2025 by

VPNs are an essential component of modern cybersecurity, but they are not a silver bullet. Cybercriminals continue to innovate, finding ways to bypass VPN protections through social engineering, malware, and sophisticated attack vectors. For Information Security Architects, the key lies in adopting a layered security approach that integrates VPNs with other measures such as Zero Trust principles, endpoint security, and employee education.

Multi-Stage Cyber Attacks: Understanding Their Sophistication and Building Robust Defences

20 January 2025 by

Cyber attacks have evolved into intricate operations, often executed in multiple stages to achieve maximum impact while evading detection. Multi-stage cyber attacks leverage complex execution chains to mislead victims, bypass traditional defences, and deliver devastating outcomes. For organisations and individuals alike, understanding the mechanics of these attacks is essential for crafting effective defence strategies.

Multi-stage cyber attacks are a formidable challenge, but with offensive security techniques, organisations can move from reactive to proactive defence. By adopting vulnerability assessments, penetration testing, cyber forensics, malware analysis, and reverse engineering, businesses can detect and neutralise threats before they escalate.

Server-Side Request Forgery (SSRF): A Deep Dive into Risks and Mitigations for Software and Web Developers

19 January 2025 by

SSRF occurs when an attacker exploits a server-side vulnerability to send crafted requests from a vulnerable web server to unintended locations. These requests can be directed to internal services, cloud metadata APIs, or other network resources that would otherwise be inaccessible to external users. Essentially, SSRF enables attackers to leverage the server’s trust in internal resources and APIs to bypass firewalls, access private services, and gather sensitive data.

Security Logging and Monitoring Failures: A Comprehensive Guide for Software Developers, Architects, and Security Analysts

18 January 2025 by

Security logging involves the systematic recording of events within a system, application, or network. Monitoring, on the other hand, refers to actively reviewing and analysing these logs to detect anomalies or malicious activities.