‘India has immense under-utilised talent in the cloud security space’

47
7362

Ritesh Sarvaiya, CEO, Defencely.com Website security is getting increasingly challenging with ‘innovative’ attacks emerging every day. But, thankfully, as threats increase, so do the security measures. Diksha P Gupta from Open Source For You spoke to Ritesh Sarvaiya, CEO, Defencely.com, to understand the website security scene in India, and the online threats that will affect Indian SMEs and SMBs. Read on…

Please share some details about what Defencely does with respect to cloud security?
Modern day attackers can plant a cookie attack, a sniffer, misleading information or anything that can put visitors or customers who visit your website, at risk. So, it becomes extremely important for website managers to be aware of these constantly evolving threats. It is your responsibility to make sure that your security parameters are all up to date, and we at Defencely.com can help you to make your website secure, as we have done for global technology giants like Google, Apple, Facebook, PayPal, etc.
Defencely.com currently focuses only on Web applications, penetration testing, and vulnerability reporting and fixing. The first phase of the company’s operations commenced just three months back. We are primarily focusing on Open Web Application Security Project methodology. In fact, we provide the industry’s early stage testing services; 80 per cent of our work is in manual ‘Search and Report’ mode and 20 per cent via the automated tools.

How do you see the cloud security space evolving  in India?
As far as cloud security in India is concerned, it has immense scope. India has only about five to 10 recognised cloud security companies that deal in all kinds of cloud application testing. Though Indian companies do focus on cloud security services, this sector, so far, has not been organised because of India’s cyber laws, which according to me, are not up to the mark. India has ample talent in this domain but it is not utilised so far. We aim to utilise these brains in this niche field and bring them together under our banner to become the world’s biggest cloud security company. Having said that, I am hopeful that the future of cloud security in India is pretty bright.

India is going online and there is growing awareness about security. But are Indians, particularly the SMEs and the SMBs, aware of the concept of website security?
India is going online at a faster pace than we expected and there is a lot of scope in that domain as well. Hundreds of e-commerce start-ups are being launched, which is a clear indicator of the growth in the online activity of Indians. Overall, it is a good scenario, but one cannot deny the fact that growing online activity also increases the threats. We at Defencely.com are serious about this issue, and we aim to be involved particularly with SMBs and­­ SMEs to create awareness about the virtual losses that they may have to face because of not securing their websites. Let’s imagine a scenario where an e-commerce portal gets compromised because of some zero day vulnerability, and hackers misuse the entire database of the portal, including the financial information and personal details of its buyers. Despite being technically sound, small and big online companies overlook the importance of online security. To a lot of online companies, the term ‘hacking’ means email or credit card hacking. But hacking has evolved and is a million dollar business at present. It is high time that Indian SMBs and SMEs get aware of such threats and start taking appropriate Web security measures. Modern day security services are complete packages of security.

What are the most common vulnerabilities that websites are exposed to, in the modern day world?
Some of the most common threats to most Web applications are:
(a)     Injection vulnerabilities and cross-site scripting: These are two of the most commonly found vulnerabilities that can occur in any website or Web application. There are various forms of injection attacks, including SQL, operating system, email and LDAP injection, and they all work by sending malicious data to an application as part of a command or query.
(b)     Cross-site scripting (XSS): These attacks target an application’s users by injecting malicious code—usually client-side scripting such as JavaScript—into a Web application’s output. Whenever the compromised output or page is viewed, the browser executes the code, allowing an attacker to hijack user sessions, redirect the user to a malicious site or simply deface the page. XSS attacks are possible within the contents of a dynamically generated page whenever an application incorporates user-supplied data without properly validating or escaping it.
(c) Broken authentication and session management: Application functions related to authentication and session management are often not implemented correctly, allowing attackers to compromise passwords, keys and session tokens, or exploit other implementation flaws to assume other users’ identities.
(d)    Insecure direct object references: A direct object reference occurs when a developer exposes a reference to an internal implementation object, such as a file, directory, or database key. Without an access control check or other protection, attackers can manipulate these references to access unauthorised data.
(e)    Security misconfiguration: Good security requires having a secure configuration defined and deployed for the application, frameworks, application server, Web server, database server and platform. All these settings should be defined, implemented and maintained, as many are not shipped with secure defaults. This includes keeping all software up to date, including all code libraries used by the application.
In order to prevent all these threats, developers need to have specific knowledge of how to code Web applications, keeping Web vulnerabilities in mind.

Can you share some tips to ensure website security?

It is sad to see websites getting hacked, by and large, on a daily basis. There are numerous steps to ensure a website’s security. When was the last time you moved your files from their default locations to new ones? When was the last time you moulded your HT Access file, or when was it that you noticed your Web mail ID generating spam mail? When was the last time you scanned your website to check if it was affected with any new online threats? Such factors, among many others, play a vital role in shaping your website’s security. I guess the best way to get started is to hire an online security company. There are some companies that don’t charge a lot to trial-level users.

How is Defencely contributing to increasing awareness about website security?
Defencely doesn’t limit itself to just providing cloud security services, but has a lot more to offer. Timely reporting of security vulnerabilities is what the core team at Defencely aims at. Paypal’s recognition of Defencely being one of the top 10 cloud security companies isn’t the only achievement of the firm. Several other giants such as FaceBook, Apple, Zynga, SoundCloud and iFixit have applauded Defencely for its dedicated work.

With social media being integrated in the websites, does that increase the challenges of administering website security?

Most of the social media websites spend millions of dollars to keep their security at very high levels, because of which IT guys do not have to worry about anything specific.

Why do websites get hacked?
Although there are no specific patterns that hackers follow, there are a few common loopholes that often get exploited.
a) Zero day vulnerabilities: Regardless of whether you have a blog or own a successful Internet business, how often do you consult with a cloud penetration services company for an assessment of your business’s online security? ‘Zero day vulnerabilities’ are explained as those unattended website details that were ignored during the development of the website. Once the website is launched and running, the owner tends to ignore reallocation of key directory files and many other sub-domain URLs, a practice that could be harmful to the business’s integrity.
b)    Exploitation is a hacker’s favourite tool: Seeing today’s cloud security scenario, you should know that many websites are not actually hacked, but exposed through exploits. If the website is lacking security because of weak iFrame modules, improper implementation of user info security parameters, failure in redirecting users to secure pages, or the implementation of outdated SSL certificates, the attacker simply has to misuse that information – in other words, the process is called exploitation.
c)    Technically incorrect: The third category actually involves brute force hacking. We are talking about password cracking, decryption, fuzzing and sending out information to servers. Such forms of hacking are most severe and highly dangerous for any Web business owner. In all scenarios, your best bet is to consult with a credible security services company to shield you from such unforeseen incidents in the near future.
SQL injection is also one of the major threats to a website. Does Defencely offer a specific solution to SQL injection attacks?
Fixing SQL injection is part of the bundled services that we provide at Defencely.com. Once we scan the website with our high-end scanners, we immediately come to know where there are higher chances of SQL injection on a client’s Web application; and as a remedy, we patch it immediately, to keep the client’s website secure from this threat.

A Peek Into the Profile of Hiren Shah, President, Co-Founder

Hiren Shah is an IT veteran and has over eighteen years of experience with multiple entrepreneurial ventures, investment portfolios and growth-oriented companies. He is actively involved with–QualiSpace.com, a leading domain name registrar and a web hosting company helping various corporates in establishing online presence. He is also involved with Infraster.com, a remote IT Infrastructure management company which takes care of IT Infrastructure remotely covering management, migration and monitoring of servers and various other IT start-ups covering reselling of online web services products. Hiren’s core expertise in dealing with web infrastructure and data centres has helped Defencely ride the crest of success.

47 COMMENTS

  1. Today when i was reading about Apple’s newly announced iOS 7 on Wikipedia, I came across the fact that hacking attempts were made on Apple developer’s servers which delayed the launch of iOS 7 beta 4.

    This gives a strong sense of insecurity to the customers even if they are getting services from biggest companies of the world.

    And Defecenly has pointed out gaping holes in the security of companies like PayPal. I am proud to have a company that talented from India.

    • Hey Devider, great to know your thoughts here, just wanted to let you know Defencely is the part of iOS 7 testing & proud to be associated with Apple. Would love to know more about what you are doing these days, from your comment it seems you are super tech guy, are you Researcher ?

  2. I do agree that India is showing a very favorable growth rate of eCommerce activities but at the same time, not all online companies / firms are aware of the importance of cloud security. Not only should more cloud security companies rise to meet this demand but also approach the eCommerce companies to implement better security facilities for both the consumer and the business itself.

  3. Defencely’s team have excellent pentesting skills, as seen on numerous awards pages of well-known websites, where they have found important vulnerabilities for these companies. I can understand why web app owners prefer Defencely to safeguard their sites!

  4. Creating a website a 2 minute job, Thanks to the tools and services available today but those who start a website are not aware of the threats of having one. In this era where websites, web apps and this whole internet stuff drives our lives security is necessary.

    In a country like India where people were not used to this whole cloud security scenario are slowly getting aware about it thanks to Defencely and its efforts.

    Great Work, Nice Interview

  5. Over all i liked the Interview, it was great read & gives a clear indication about the Talent which India has to secure the world, additionally these threats are very important to detect & patch before it hits your cloud & compromise. Gentleman is looking promising as a start up & would like to wish him all the best for his future.

  6. A great Interview…..So many enlightening points regarding website security….I understood a lot of things, I din’t knew. Detecting such threats has become the top priority these days because the level of threats is increasing day by day…Thanks for this article….A must Read and a Good one too….

  7. This is one the biggest move for Indian cloud security industry, extensive and exhaustive interview read ever. Certain facts which we need to keep in mind that Indian cloud companies are expanding at rapid pace and at the same time security is necessary, rather I would term it as unavoidable to keep your data safe.

    I know Ritesh Sarvaiya personally, and his efforts to to take this to next is worthy.

    Hats off & all the best http://www.Defencely.com

  8. Great to know something is new coming up in Indian cloud security market. Is there a way I can know how pricing works for this product Ritesh ? I have couple of ecommerce websites for which I am looking forward to opt for your services.

  9. This gives clear picture of how vulnerable cloud security in India is and how passionate this company is to secure companies against all kind of hacking threats prevailing across the Internet. I also had a look at http://www.defncely.com & looks promising to me.

    Additionally I believe this disruption will lead to great Cloud Security competition across India.

  10. This is one the biggest move for
    Indian cloud security industry, extensive and exhaustive interview read
    ever. Certain facts which we need to keep in mind that Indian cloud
    companies are expanding at rapid pace and at the same time security is
    necessary, rather I would term it as unavoidable to keep your data safe.

    I know Ritesh Sarvaiya personally, and his efforts to to take this to next is worthy.

    Hats off & all the best http://www.Defencely.com

  11. Today when i was reading about Apple’s newly announced iOS 7 on
    Wikipedia, I came across the fact that hacking attempts were made on
    Apple developer’s servers which delayed the launch of iOS 7 beta 4.

    This gives a strong sense of insecurity to the customers even if they are getting services from biggest companies of the world.

    And Defecenly has pointed out gaping holes in the security of
    companies like PayPal. I am proud to have a company that talented from
    India.

  12. Creating a website a 2 minute
    job, Thanks to the tools and services available today but those who
    start a website are not aware of the threats of having one. In this era
    where websites, web apps and this whole internet stuff drives our lives
    security is necessary.

    In a country like India where people were not used to this whole
    cloud security scenario are slowly getting aware about it thanks to
    Defencely and its efforts.

    Great Work, Nice Interview

  13. I do agree that India is showing a very favorable growth rate of
    eCommerce activities but at the same time, not all online companies /
    firms are aware of the importance of cloud security. Not only should
    more cloud security companies rise to meet this demand but also approach
    the eCommerce companies to implement better security facilities for
    both the consumer and the business itself.

  14. I know Ritesh from early childhood…there are so many memories of our
    childhood…one thing I observed in ritesh since childhood is his Courage!
    I did my civil engineering, got chance to work with some of the big
    corporate, fat salaries and perks, still not 100 % satisfied with my
    job..I am working for others..Riteshs journey so far inspires me a lot..
    today online exposure and a website is needed in most of the business
    and profession.. there are so many online threats and risks..I m sure
    defencely will play an important role in providing the best online
    security…I wish very best of luck to ritesh, defencely and all the
    talented people associated with him…

  15. Ritesh Sarvaiya works on scam based approach. His businesses are only short term and never last that long. 100s of pissed off people at http://behinddefencely.blogspot.in/2013/06/story-behind-defencely.html cant be lying obviously. By the way, he is anti Muslim and Anti Islam material. Likes to bring up hatred against other peoples’ religion in the middle of professional work environment. http://www.imagecurl.com/images/76984781612740918462.png and http://www.imagecurl.com/images/37701127351161651664.png

  16. Today when i was reading about
    Apple’s newly announced iOS 7 on Wikipedia, I came across the fact that
    hacking attempts were made on Apple developer’s servers which delayed
    the launch of iOS 7 beta 4.

    This gives a strong sense of insecurity to the customers even if they are getting services from biggest companies of the world.

    And Defecenly has pointed out gaping holes in the security of
    companies like PayPal. I am proud to have a company that talented from
    India.

  17. Nice blog…
    secure your blog is always better , I know its worth as pcskull.com was hacked for couple of days…
    Security will make vital role in blogging journey.

  18. WOW. Really nice and interesting interview. I like this guy in the first
    paragraph about him. Hes awesome and hard working person.

  19. I have worked with Ritesh sir for over two years and it was a great
    experience. His ability to take on new challenges is indeed impressive.
    He has also been inspiring all throughout with his entrepreneurial
    skills. I wish him all the best in the future.

  20. Greate to hear about the person who deserved in this online world.
    Wonderful interview with Ritesh Sarvaiya which boost something in the
    inner mind. Thanks.

  21. Its great to see that, Indian Start up companies are getting attention
    as well and this will bring out great number of such entrepreneurs from
    this huge nation with 50% population being below the age of 30.

  22. This is one of the best news heard lately. I had the same excitement
    and happiness for India when Redbus got sold (sold here means getting
    acquired to make it bigger), and now this one. Ritesh is a deserving
    person to be mentioned here although I saw they have got a big team with
    International guys too in the team, still the people who started this
    strong base are Indians, and that is what means to me. Nice Interview, I
    read every word of it and enjoyed it.

    Thanks

    Sarguna

  23. this
    guy called ritesh sarvaiya is a big-time seller of adult websites.
    check out my detailed research on him which i posted on therodinhoods.com/forum/topics/defencely-com-india-s-upcoming-effective-cloud-security-services
    ritesh sarvaiya makes a living selling adult and porn websites and domain names.
    and also cheated his co-founder atul shedgae from whom he stole this
    entire concept idea about defencely. read the whole story about this
    scammer here behinddefencely.blogspot.com

  24. This is one of the best news heard lately. I had the same excitement
    and happiness for India when Redbus got sold (sold here means getting
    acquired to make it bigger), and now this one. Ritesh is a deserving
    person to be mentioned here although I saw they have got a big team with
    International guys too in the team, still the people who started this
    strong base are Indians, and that is what means to me. Nice Interview, I
    read every word of it and enjoyed it.

    Thanks

    Sarguna

  25. This is one the biggest move for
    Indian cloud security industry, extensive and exhaustive interview read
    ever. Certain facts which we need to keep in mind that Indian cloud
    companies are expanding at rapid pace and at the same time security is
    necessary, rather I would term it as unavoidable to keep your data safe.

    I know Ritesh Sarvaiya personally, and his efforts to to take this to next is worthy.

    Hats off & all the best http://www.Defencely.com

  26. Today when i was reading about Apple’s newly announced iOS 7 on
    Wikipedia, I came across the fact that hacking attempts were made on
    Apple developer’s servers which delayed the launch of iOS 7 beta 4.

    This gives a strong sense of insecurity to the customers even if they are getting services from biggest companies of the world.

    And Defecenly has pointed out gaping holes in the security of
    companies like PayPal. I am proud to have a company that talented from
    India.

  27. I know Ritesh from early childhood…there are so many memories of our
    childhood…one thing I observed in ritesh since childhood is his Courage!
    I did my civil engineering, got chance to work with some of the big
    corporate, fat salaries and perks, still not 100 % satisfied with my
    job..I am working for others..Riteshs journey so far inspires me a lot..
    today online exposure and a website is needed in most of the business
    and profession.. there are so many online threats and risks..I m sure
    defencely will play an important role in providing the best online
    security…I wish very best of luck to ritesh, defencely and all the
    talented people associated with him…

LEAVE A REPLY

Please enter your comment!
Please enter your name here