SANS Top 25 Archives - Krishna Gupta

Understanding the Vendor Site Compliance Certificate (VSCC) from SBI: A Comprehensive Guide for MSMEs

29 July 2025 by Krishna

In the world of modern business, compliance has become one of the most significant aspects of ensuring smooth operations and maintaining business integrity. For Micro, Small, and Medium Enterprises (MSMEs) in India, compliance with industry standards and regulatory frameworks is vital not only for operational success but also for securing partnerships and funding from major financial institutions. One of the most crucial certifications in this regard is the Vendor Site Compliance Certificate (VSCC) issued by the State Bank of India (SBI).
This comprehensive guide delves into what the VSCC is, why it is critical for MSMEs, how to obtain it, and the role it plays in enhancing your business’ credibility. With a focus on the practical aspects, this post will shed light on how the VSCC contributes to compliance, risk mitigation, and improving the business’s overall ROI.

2024 CWE Top 25 Most Dangerous Software Weaknesses: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) CWE-22

10 March 202510 March 2025 by Krishna

Path traversal, also known as directory traversal, is a vulnerability that allows an attacker to access files and directories stored outside the intended directory. By exploiting improper validation of user-supplied input, attackers can manipulate file paths to access sensitive system files, configuration files, or any other data stored on the server.

2024 CWE Top 25 Most Dangerous Software Weaknesses: Cross-Site Request Forgery (CSRF) CWE-352

9 March 2025 by Krishna

CSRF is a security vulnerability that tricks a victim into performing unintended actions on a web application where they are authenticated. By exploiting the trust that a website places in the user’s browser, attackers can force users to execute actions without their consent or knowledge.

Understanding the 2024 CWE Top 25 Most Dangerous Software Weaknesses: SQL Injection (CWE-89)

8 March 2025 by Krishna

SQL Injection is a code injection technique that exploits a software vulnerability within the database query layer. This occurs when an application does not properly sanitise or neutralise special elements in SQL statements. Attackers craft malicious inputs to manipulate queries, gaining unauthorised access to databases or manipulating data.

Understanding CWE-79: Cross-Site Scripting (XSS) in 2024 – A Strategic Guide for Software Architects and C-Suite Executives

6 March 2025 by Krishna

At its core, XSS exploits the trust a user places in a web application. By manipulating input fields, URLs, or other interactive elements, attackers can introduce scripts that execute commands, steal sensitive information, or alter website functionality.