Welcome to Agustín Hernán Borrajo's cloud consulting microsite!

The main purpose of this site is to share my 20+ years of experience in Hybrid Cloud Infrastructure & Cybersecurity.
A detailed description of concrete work experiences and skills can be found in my 2025 resume.
You can explore and read my online technical articles by expanding the menu below:

Discovering cybersecurity findings on internet facing web apps using public scanning tools.

Cloud-based Web Applications heavily depend on the stability and integrity of the platforms where they reside.
A few considerations need to be taken into account during the evolution of the Web Application Lifecycle.
Lead developers, Middleware Engineers and System Architects often need to certify their WebApp's level of cybersecurity compliance.
Before performing a fully-fledged Vulnerability Assessment Test, a quick exploration can be performed using public scanning tools.
Even if no authentication credentials are supplied or exchanged, Cloud platforms provide clues about their Web Services and protocols.
The list below shows the types of CVEs and cybersecurity findings that can be discovered if your WebApp is exposed to the internet:

🔸 CRYPTOGRAPHY: Web Server Certificates, Protocols, Cipher Suites, Signature Algorithm, Subject Alternative Names
A thorough review of the cryptographic integrity of your development is always a good starting point.
Before promoting your WebApp to Production, you need to be aware of all URLs that will be consumed by the Application.
WebApps eventually need to query a backend that is part of their own domain name, and that call needs to be secured.
When your WebApp executes a query against other domains, the secured connection is usually provided by the queried platform.
Modern Cloud Computing platforms take care of the vast majority of certificate needs and crypto requirements.
Automated rotation of WebApp certs and cipher suite remediations are part of the baseline services offered by most providers.
When the web server certificate is manually generated and uploaded, additional care needs to be applied.
In other words, the WebApp certificate properties and values are part of the Application Architecture and provisioning.
During the development and UAT stages, public scanning tools can be used to confirm how your WebApp behaves.

🔻 The properties below can be explored using Qualys SSL LABs, CryptCheck, CRT:
 
 Subject, Common Names, Subject Alternative Names, Issuer, DNS Certification Authority Authorization (CAA)
 Fingerprint SHA256, PIN SHA256, Serial Number, Valid From, Valid Until, Key/Auth/#ofBits, Signature algorithm
Revocation status + Revocation info, CRL, Trusted status, Protocols, Accepted Cipher Suites, Weak Cipher Suites
 Handshake simulations, Protocol Negotiations, HTTP requests

🔻 A table-format list of supported cipher suites can be queried using CryptCheck:

Cipher full name, Key exchange, Authentication, Encryption Type (e.g. AES), Encryption Key Size, Encryption Block Size
Mode, Message authentication code (MAC) Type & Size, Perfect Forward Secrecy (PFS)
🔸 HOST HEADERS: Header Name, Property Value, Usage
🔻 Some of the Host Headers below can be explored using Qualys SSL LABs, Cloudflare Radar and Probely Security Headers:

Strict-Transport-Security (HSTS), X-Frame-Options, X-Content-Type-Options, Content-Security-Policy, Referrer-Policy, Clear-Site-Data, X-Permitted-Cross-Domain-Policies, Permissions-Policy, Cross-Origin-Embedder-Policy, Cross-Origin-Opener-Policy, Cross-Origin-Resource-Policy, X-XSS-Protection, Feature-Policy, Content-Type, Content-Length, Cache-Control, Set-Cookie
🔸 COMBINED SECURITY REPORT:
🔻 Some of the property values below can be explored using Immuniweb:

 Fingerprinted CMS Components & Vulnerabilities
 GDPR Compliance Test, PCI DSS Compliance Test, CSP Content Security Policy Test
 Raw HTTP Header, frame-ancestors, object-src, script-src, require-trusted-types-for
 DNSSEC (Domain Name System Security Extensions), HTTP METHODS ENABLED
 HTTP VERSIONS, NPN (Next Protocol Negotiation), Application Level Protocol Negotiation, Web Application Firewall

🔻 The combination of properties below can be scanned with the help of Mozilla HTTP Observatory:

Cross Origin Resource Sharing (CORS), Strict-Transport-Security (HSTS)
X-Frame-Options, X-Content-Type-Options, Cross-Origin-Resource-Policy
Clickjacking protection via frame-ancestors, Raw server headers
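As an added example that is not part of the original article, the following Python checklist evaluates a constructed set of captured response headers against the properties the header scanners and Mozilla HTTP Observatory report on above (HSTS max-age, the X-* and Cross-Origin-* headers, CSP frame-ancestors / object-src / script-src, Set-Cookie flags). The severity labels and the one-year HSTS threshold are my own assumptions, not those of any scanner named here, and the sample headers are invented.

```python
import re

SAMPLE_HEADERS = {  # constructed sample captured from a UAT WebApp, not a real host
    "Strict-Transport-Security": "max-age=300",
    "X-Content-Type-Options": "nosniff",
    "Content-Security-Policy": "default-src 'self'; script-src 'self' 'unsafe-inline'",
    "Set-Cookie": "session=abc123; Path=/",
}

# Headers the scanners above expect to see; a missing one is reported as "low".
EXPECTED = ("x-frame-options", "x-content-type-options", "referrer-policy",
            "permissions-policy", "cross-origin-resource-policy")

def parse_csp(value):
    """Split a Content-Security-Policy string into {directive: [sources]}."""
    out = {}
    for part in value.split(";"):
        tokens = part.split()
        if tokens:
            out[tokens[0].lower()] = tokens[1:]
    return out

def check_headers(headers):
    """Return (severity, finding) tuples; an empty list means no findings."""
    h = {k.lower(): v for k, v in headers.items()}
    findings = []
    hsts = h.get("strict-transport-security")
    if hsts is None:
        findings.append(("high", "HSTS header missing"))
    else:
        m = re.search(r"max-age=(\d+)", hsts)
        if not m or int(m.group(1)) < 31536000:  # assumed threshold: one year
            findings.append(("medium", "HSTS max-age below one year"))
    findings += [("low", f"{n} header missing") for n in EXPECTED if n not in h]
    if "content-security-policy" not in h:
        findings.append(("high", "Content-Security-Policy missing"))
    else:
        csp = parse_csp(h["content-security-policy"])
        if "frame-ancestors" not in csp and "x-frame-options" not in h:
            findings.append(("medium", "no clickjacking protection (frame-ancestors / X-Frame-Options)"))
        if "object-src" not in csp and "default-src" not in csp:
            findings.append(("medium", "CSP has neither object-src nor default-src"))
        if "'unsafe-inline'" in csp.get("script-src", []):
            findings.append(("medium", "CSP script-src allows 'unsafe-inline'"))
    cookie = h.get("set-cookie", "")
    for flag, severity in (("Secure", "medium"), ("HttpOnly", "low")):
        if cookie and not re.search(r";\s*" + flag + r"\b", cookie, re.I):
            findings.append((severity, f"Set-Cookie lacks {flag} flag"))
    return findings
```

Running `check_headers(SAMPLE_HEADERS)` on the constructed sample reports nine findings; feeding it a hardened header set with all expected headers, a one-year HSTS and a CSP carrying frame-ancestors and object-src returns an empty list.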
🔸 MALWARE
🔻 Some of the objects below can be explored using Sucuri Sitecheck combined with Quttera:

 Firewall Status, Malicious files, Suspicious files, External links, Blacklisted links, Blacklisted domains


 This article was originally published on 2025-FEB-27 and last reviewed on 2025-APR-18.