Inadequate authorization checks gaps/weaknesses that allow unauthorized users to view, modify, or delete sensitive information without going through a valid authentication process when submitting a request to a website. For example, when you edit an article on an ad, the following HTTP request is sent.

Web sites use open source tools to help manage and edit web files. Since the code is open source, security vulnerabilities can also be easily discovered, Therefore, developers/individuals need to be careful when using open source because security is open to all.

Occasionally, when diagnosing mock hacking on a mobile app or website, there are cases in which the data is encrypted with a random symmetric key method and transmitted to the server without encrypting the data using the public key of the server.

Many IoT devices such as dual-mode routers, IP cameras, and door locks provide their management services, such as providing information or changing settings, through web pages using HTTP. These management pages come from CGI files that are already compiled into the firmware

SQL injection is an attack technique in which an attacker exploits security vulnerabilities to inject and execute arbitrary SQL statements, thereby manipulating the database to perform abnormal operations.

Cross-site scripting (XSS) is an attack method that contains malicious scripts on a web page and is placed on the user's side. For example, if an unverified external input value is used to create a dynamic web page, visitors to that web page will immediately see the attacker's identity and information about the target web page.

Command Injection is a vulnerability in which unintentional system commands are executed by user input values that have not undergone proper verification procedures, which can inappropriately change user privileges or adversely affect system operation and operation.

An overflow vulnerability occurs when a program that uses contiguous memory space tries to read or write data to a location beyond the allocated memory range. By causing program malfunction or executing malicious code, an attacker gains the authority to control the program.

File download and execution vulnerabilities refer to weaknesses that arise from the capability of ActiveX to download external files. These methods are typically employed to execute functions within ActiveX or to substitute a specific module.

In the digital age, data protection has become a paramount concern for both businesses and individuals. Rwanda, cognizant of these shifting paradigms, introduced the Data Protection and Privacy (DPP) Law, setting standards and guidelines for businesses operating within its jurisdiction.

The CyberTech Africa Conference is an important cybersecurity and information technology event held annually in Africa. It brings together cybersecurity experts, IT and security solution providers, government officials and policymakers, business leaders and corporate representatives and academic researchers from across Africa to discuss the latest technologies, trends and challenges.

The 2022 / Tanzania ICT Commission recognize the importance of cybersecurity at the national level, and as part of this, we are pursuing a national cybersecurity policy with great interest in fostering professional experience.

"The 2018 Kosovo/TAK's Adaptive Security System Development Pilot Project" which carried out for seven months through May to November for the Tax Administration of Kosovo has been successfully completed.

In order to share our experiences and know-how of Cyber Security in Korea with peoples in the blind spot of information security, we were started the WiKian-Junior, an internship program designed earlier this year.

WiKi Security Corporation, which participated in TAS(Transform Africa Summit) 2018, the largest ICT event in Africa, as an exhibitor, introduced information security consulting, security products and Training Center for cyber security. In particular, we participated in an official event to deliver certificates on behalf of ISO council as a result of ISO / IEC 27001 consulting service provided to KT Rwanda Network Ltd. earlier this year.

The Ministry of Information Technology and Communication (MITC) is a central specialized public administration body which elaborates and ensures the development of the Informational Society Statute (telecommunication, post, TV and broadcasts).

Philippines NTC  is an attached agency of the Department of Information and Communication Technology, responsible for the supervision, adjudication and control over all telecommunications services throughout the country.

Rwanda's Telecom, KT Rwanda Networks Ltd, is a communications company with Rwanda's only LTE communications infrastructure, they are providing wholesale provision of universal mobile broadband network built on 4G LTE technology.

Tax Administration of Kosovo (TAK), as Enforcement Agency with full Autonomy, is responsible to administer the implementation of any tax type applicable by tax legislation in Republic of Kosovo.

CLIENT A company (oil refinery) BACKGROUND AND TOPIC   - As a global company, it operates a large number of information systems and is obliged to comply with legal regulations in the Information and Communication Network Act, it regularly explores vulnerabilities and hacks to professional firms every year. 

There was a consulting request from the client company for the AD security policy. AD security policy can be seen from various points of view from design of AD to account management, but since the total number of accounts is over 100,000, this consulting focused on identifying the latest issue, abnormal account, and suggesting improvement plan.

CLIENT The Ministry of Information and Communication of Moldova  NATIONAL ICT STATUS The Republic of Moldova, which is a developing country in Eastern Europe, is centered on the Ministry of Information and Communication (MITC), ....

CLIENT A refinery (refinery) PROJCET BACKGROUND AND TOPIC As a representative company in the petroleum industry, the customer is a representative company of the oil industry. In order to secure the security of the process control system of the large refinery owned by the province ...

Most of the application source vulnerability diagnoses will receive a large number of source files and perform vulnerability diagnostics. Most of them are static diagnosis using a tool for diagnosing source vulnerabilities such as Fortify and dynamic ....

VPN has various methods such as remote access from  site-to-site. However, from the viewpoint of an attacker, it is an attractive hacking object that can penetrate into an important path to enter an internal network only if a VPN is penetrated.  Actually, site: vpn. * Com is a lot of domestic sites starting with vpn can be searched, but telecommuting,

* There are many purposes to hide your IP. - When Google pulled out of China, there were a lot of Chinese who used public VPNs to bypass blocking - There is a situation where you have to hide your IP inevitably in order to execute Real PT composed of Red Team - It may be used to bypass the blocked IP itself while diagnosing security vulnerabilities