SPAN Testing Darpan

The SPAN Testing Darpan is a window that gives an insight into the day-to-day happenings, progress and innovation at SPAN Testing.

At SPAN Testing Group we leave no stone unturned: from manual to automation, from performance to security, a one-stop testing solution guiding process to perfection. We are a class of highly qualified IT professionals who do not just test but ensure the best quality the end product deserves. Our SPAN Testing Group FB page will keep you updated about the doings of the SPAN testing group, the new initiatives and innovations being incorporated and much more, so just keep looking...

29/12/2014

Look @ Bug Ki Bukwas :)

24/12/2014

Christmas- 2014 :)

16/12/2014

Look @ Bug Ki Bukwas :)

16/12/2014

Are you being Phished?

Phishing facts for Jan-June 2014:

• Apple became the world's most-phished brand.
• The phishing attacks occurred on 87,901 unique domain names.
• The average phishing attack uptime in 1H2014 was 32 hours and 32 minutes, which means the possibility of tracking down the attacker responsible is considerably low.
• There were about 123,741 known phishing attacks.
• Concentration of phishing attacks: e-Commerce websites – 32.4%, bank websites – 25.7%, social networking and email – 23.1%, money transfer – 12.8%.

Phishing: a buzzword in the hacker's world that has always been a nightmare for internet users; the risk is magnified further when social networking websites are used as a medium to "phish" users. Here an attacker uses "social engineering", such as an email from a web site or company masquerading as a genuine one, urging you to provide confidential information such as credentials, a Social Security number or other valuable details.

Common attack vectors used in phishing:

Using phishing email

• Generic / unofficial "From" address.
• Urgent warnings: beware of emails carrying cautions like "Urgent action required", "your account will be closed" or "your account has been compromised". The fraudster is simply trying to manipulate you into acting immediately and giving up your account details or personal details.
• Link to a fake web site: a fraudster can create pages identical to the legitimate ones, with every functionality present, which may mislead you into believing that the page is legitimate.

Safeguarding yourself:

Phishing websites generally look exactly like the legitimate website, but you can tell them apart by the following:

1. Check the URL of the site: the URL of a phishing website usually differs only slightly from the legitimate one (an extra letter, an extra ".", a missing letter, shuffling of the domain name in the URL, etc.). For example, the legitimate site is https://in.yahoo.com/ and a phishing site might be https://in.yahao.com/

2. Popups directly asking for credentials and personal details

3. If you are in doubt, first give fake credentials to verify

16/12/2014

SPANDANA-2014

04/12/2014

SPAN Infotech Annual Fest :)

04/12/2014

POODLE stands for Padding Oracle On Downgraded Legacy Encryption, a recent vulnerability that has again called the credibility of SSL v3.0 into question.
SSL 3.0 is nearly 18 years old, but support for it remains widespread. Most importantly, nearly all browsers support it and, in order to work around bugs in HTTPS servers, browsers will retry failed connections with older protocol versions, including SSL 3.0. Because a network attacker can cause connection failures, they can trigger the use of SSL 3.0 and then exploit this issue.
The SSL 3.0 vulnerability stems from the way blocks of data are encrypted under a specific type of encryption algorithm within the SSL protocol. The POODLE attack takes advantage of the protocol version negotiation feature built into SSL/TLS to force the use of SSL 3.0 and then leverages this new vulnerability to decrypt select content within the SSL session.
Impact:
The POODLE attack can be used against any system or application that supports SSL 3.0 with CBC mode ciphers. This affects most current browsers and websites, but also includes any software that either references a vulnerable SSL/TLS library (e.g. OpenSSL) or implements the SSL/TLS protocol suite itself. By exploiting this vulnerability in a likely web-based scenario, an attacker can gain access to sensitive data passed within the encrypted web session, such as passwords, cookies and other authentication tokens.
Countermeasure:
There is currently no fix for the vulnerability in SSL 3.0 itself, as the issue is fundamental to the protocol; however, disabling SSL 3.0 support in system/application configurations is the most viable solution currently available. Servers should strictly enforce TLS 1.0 as the minimum encryption protocol supported.
Some of the same researchers that discovered the vulnerability also developed a fix for one of the prerequisite conditions: TLS_FALLBACK_SCSV is a protocol extension that prevents MITM attackers from being able to force a protocol downgrade. OpenSSL has added support for TLS_FALLBACK_SCSV to its latest versions and recommends the following upgrades:
• OpenSSL 1.0.1 users should upgrade to 1.0.1j.
• OpenSSL 1.0.0 users should upgrade to 1.0.0o.
• OpenSSL 0.9.8 users should upgrade to 0.9.8zc.
Both clients and servers need to support TLS_FALLBACK_SCSV to prevent downgrade attacks.
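
To see why both sides must support TLS_FALLBACK_SCSV, and what disabling SSL 3.0 on the server changes, here is a simplified model of the version negotiation with the browser-style retry described above. It is an added example, not code from the original post or from OpenSSL; the function names and the reduced ClientHello are assumptions, while the SCSV value 0x5600 and alert 86 are those defined in RFC 7507.

```python
SSL3, TLS10, TLS11, TLS12 = (3, 0), (3, 1), (3, 2), (3, 3)  # wire version numbers
ALL_VERSIONS = [SSL3, TLS10, TLS11, TLS12]
TLS_FALLBACK_SCSV = 0x5600      # signalling cipher suite value (RFC 7507)
AES128_CBC_SHA = 0x002F         # TLS_RSA_WITH_AES_128_CBC_SHA, a CBC suite
PROTOCOL_VERSION = 70           # fatal alert: no common protocol version
INAPPROPRIATE_FALLBACK = 86     # fatal alert defined by RFC 7507

def client_hello(version, client_versions, client_scsv):
    """Simplified ClientHello: only the fields the fallback check looks at."""
    suites = [AES128_CBC_SHA]
    # A supporting client marks every retry below its best version.
    if client_scsv and version < max(client_versions):
        suites.append(TLS_FALLBACK_SCSV)
    return {"version": version, "cipher_suites": suites}

def server_respond(hello, server_versions, server_scsv):
    """Return ('alert', number) or ('negotiated', version)."""
    if (server_scsv and TLS_FALLBACK_SCSV in hello["cipher_suites"]
            and hello["version"] < max(server_versions)):
        return "alert", INAPPROPRIATE_FALLBACK
    usable = [v for v in server_versions if v <= hello["version"]]
    if not usable:
        return "alert", PROTOCOL_VERSION
    return "negotiated", max(usable)

def connect(client_versions, server_versions, client_scsv, server_scsv, failed_attempts):
    """Browser-style retry: each broken handshake is retried one version lower.

    failed_attempts is how many initial handshakes fail on the network.
    """
    for attempt, version in enumerate(sorted(client_versions, reverse=True)):
        if attempt < failed_attempts:
            continue  # this handshake never completed; client falls back
        hello = client_hello(version, client_versions, client_scsv)
        return server_respond(hello, server_versions, server_scsv)
    return "failed", None

if __name__ == "__main__":
    print(connect(ALL_VERSIONS, ALL_VERSIONS, False, False, 3))      # lands on SSL 3.0
    print(connect(ALL_VERSIONS, ALL_VERSIONS, True, True, 3))        # rejected, alert 86
    print(connect(ALL_VERSIONS, ALL_VERSIONS[1:], False, False, 3))  # alert 70
```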

04/12/2014

Have You Heard of "FOOD TESTING"?

The GAG TEST: Anything that makes you gag is spoiled.

EGGS: When something starts pecking its way out of the shell, the egg is probably past its prime.

DAIRY PRODUCTS: Milk is spoiled when it starts to look like yogurt. Yogurt is spoiled when it starts to look like cottage cheese. Cottage cheese is spoiled when it starts to look like regular cheese. Regular cheese is nothing but spoiled milk anyway and can’t get any more spoiled than it is already.

MEAT: If opening the refrigerator door causes stray animals from a three-block radius to congregate outside your house, the meat is spoiled.

BREAD: Fuzzy and hairy looking white or green growth areas are a good indication that your bread has turned into a pharmaceutical laboratory experiment.

CANNED GOODS: Any canned goods that have become the size or shape of a softball should be disposed of.

06/11/2014

ShellShock - Vulnerability which Shook the Internet!!!

In the fast-growing cyber world, the Internet has since its commencement been the thread that ties the highly sporadic world of computers together. When Unix is made the victim, attackers can crumble half the internet and bring it to its knees. A vulnerability of that potential, well known as ShellShock, was revealed on September 24, 2014.

What is it?

In short, the vulnerability allows remote attackers to execute arbitrary code, given certain conditions, by passing strings of code following environment variable assignments. Because of Bash's ubiquitous status among Linux, BSD, and Mac OS X distributions, many computers are vulnerable to Shellshock.

Prime Targets:
• Apache HTTP Servers that use CGI scripts (via mod_cgi and mod_cgid) that are written in Bash or launch Bash subshells
• Certain DHCP clients
• OpenSSH servers that use the ForceCommand capability
• Various network-exposed services that use Bash

Check system vulnerability: run the command below in Bash:

env 'VAR=() { :;}; echo Bash is vulnerable!' 'FUNCTION()=() { :;}; echo Bash is vulnerable!' bash -c "echo Bash Test"

If the output is "Bash is vulnerable!" followed by "Bash Test", then you need to get your system updated ASAP.

Fix Vulnerability: Update Bash - The easiest way to fix the vulnerability is to use your default package manager to update the version of Bash.
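
For the Apache CGI case listed under prime targets, request headers reach Bash as environment variables, so probes show up in the web server's access log. The following is an added example, not part of the original post: it scans Apache combined-format log lines for the "() {" function-definition prefix used in the test command above. The log lines are constructed samples (documentation IP ranges, a hypothetical /cgi-bin/status.sh path) and the function name is an assumption.

```python
import re

# Apache "combined" log format; quoted fields may hold backslash-escaped quotes.
QUOTED = r'"((?:[^"\\]|\\.)*)"'
LOG_LINE = re.compile(
    r'^(\S+) \S+ \S+ \[([^\]]+)\] ' + QUOTED + r' (\d{3}) \S+ ' + QUOTED + ' ' + QUOTED + r'$'
)
# Vulnerable Bash parsed any environment value starting with "() {" as a function.
FUNC_PREFIX = re.compile(r'\(\s*\)\s*\{')

# Constructed sample log, reusing the harmless echo string from the test command.
SAMPLE_LOG = '''\
192.0.2.10 - - [25/Sep/2014:10:01:02 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0 (X11; Linux x86_64)"
198.51.100.7 - - [25/Sep/2014:10:01:09 +0000] "GET /cgi-bin/status.sh HTTP/1.1" 200 40 "-" "() { :;}; echo Bash is vulnerable!"
203.0.113.5 - - [25/Sep/2014:10:02:30 +0000] "GET /cgi-bin/status.sh HTTP/1.1" 200 40 "() { :; }; echo Bash is vulnerable!" "curl/7.30.0"
'''

def find_shellshock_probes(log_text):
    """Return one record per log field that carries a Bash function-definition prefix."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_LINE.match(line)
        if not m:
            continue  # not a combined-format line
        ip, when, request, status, referer, agent = m.groups()
        parts = request.split()
        path = parts[1] if len(parts) >= 2 else ""
        for field, value in (("request", request), ("referer", referer), ("agent", agent)):
            if FUNC_PREFIX.search(value):
                hits.append({"ip": ip, "time": when, "path": path,
                             "status": int(status), "field": field})
    return hits

if __name__ == "__main__":
    for hit in find_shellshock_probes(SAMPLE_LOG):
        print(hit)
```

A hit shows that a request carried the pattern, not that the server was vulnerable; the logged status code only reports that the CGI script answered.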

22/10/2014

SPAN Tech Utsav - 2014

20/10/2014

Customer Meet and Tech Utsav:
SPAN recently organized its annual technical festival, well known as “Tech Utsav 2014”, to showcase the latest technology trends in the IT industry. The event was all the more important as it was accompanied by a customer meet.
The event was a great success in exploring new ways and better aspects of existing technologies. The SPAN testing group showed never-before-seen zeal and enthusiasm in participating and demonstrating the expertise we have in our technology.
About half of the participants were from the testing group. The participants and winners are shown below.

19/10/2014

Testing Services
SPAN offers customers end to end services that meet all Quality assurance requirements

Functionality Testing - Unit, System and Integration including test case writing, use case writing, test case execution
Usability and Accessibility Testing - intuitiveness of navigation and good user experience
Installation and Compatibility Testing for different environments including multiple browsers, operating systems, databases etc.
Automation of regression testing using industry accepted tools like VSTS, QTP, Test Partner, Rational tools and open source tools like Selenium etc.
Performance (Load/Stress) Testing with Capacity Planning
Security Testing - Infrastructure, Web applications (Intranet/ Internet), Web Services

Address

27th Cross Road
Bangalore
560070
