
2020 TVS Apache RTR 160 4V BS6 First Ride Review: More worries for Bajaj Pulsar?

The new 2020 TVS Apache RTR 160 4V is now BS6 compliant. The bike now gains some features and it also loses a handful in the process. We have ridden it at the company's racetrack in Hosur and here is what we think about it.





2019 TVS Apache RR 310 Road Test Review – Racetrack material goes sports touring!

TVS' fantastic-looking flagship - the Apache RR 310 has got an important update for 2019 that should keep a lot of customers happy! Here, in this comprehensive review, we tell you how the new version is to ride and what all has changed, for the good or bad!





New Audi A6 review, first drive: Takes the fight right up to the BMW 5 Series

The new Audi A6 is a step-up from the previous generation car in all aspects and didn't disappoint us in the short drive experience that we had with it.





2019 Renault Duster diesel AMT review: The old still retains its gold!

One of the main reasons why the Renault Duster quickly shot to fame upon its initial market launch was its exterior design. The Duster was able to portray the aura of a brute SUV thanks to its massive wheel arches, high-set bonnet and an overall dominating stance.





The Grand Tour Seamen review: No tent, no cars but just as funny at sea

The boys are back for an encore season as they have ditched the tent, but also cars for some reason. But the humour remains at its peak.





Maruti Suzuki Ciaz Diesel Long-Term Review: Makes You Richer, Literally!

The Maruti Suzuki Ciaz diesel has been part of the Express Drives' long term fleet for over a month now. In our first report, we share our initial experience in relation to this C-segment sedan and how its in-house developed diesel engine performed over the said duration!





BS-VI Honda SP125 First Ride Review | Better comfort & refinement in a peppier looking package

BS-VI Honda SP125 Review: Honda's second BS6 compliant two-wheeler not only is now more fuel-efficient and cleaner for the environment, but it also offers several new features. We rode it around the streets of Mumbai to find out more.





KTM 790 Duke review, road test: Sharp handler yet forgiving and packed with safety aids

The KTM 790 Duke is crammed with features, has explosive performance, lots of safety aids, is fuel efficient and is generally an enjoyable motorcycle.





Rollr Mini Vehicle Tracker Review: Make any car a connected car

The Rollr Mini helps you monitor your vehicle’s whereabouts and offers you vehicle telematics with driving behaviour data through a smartphone app, but is it any good?





EXCLUSIVE! Honda Activa electric review: The 95km range, zero maintenance scooter

This electric Honda Activa has a claimed 90km range and the modification costs less than Rs 50,000 with a two-year warranty.





Maruti Suzuki S-Presso review, road test: Kwid rival a good step-up from Alto K10

The Maruti Suzuki S-Presso is decently roomy, has a good feature spread and at the same time is reasonably frugal at the pumps, micro-SUV.





Kia Carnival India Review: Good to beat Toyota Innova Crysta as India’s most desired MPV?

Kia Carnival is now ready to enter a segment that has been completely dominated by the Toyota Innova Crysta. Positioned above the Crysta, does the Kia Carnival have enough to become the most desired MPV in India? We find out.





Tata Nexon EV First Drive Review: Can it be your next daily drive?

Can the Tata Nexon Electric become your next daily driver? Read our first-drive review of India's first all-electric sub-four-meter SUV to find out!





Ducati Diavel 1260S Review | 159 wild horses & plenty of electronics to tame them

2019 Ducati Diavel 1260S Review | When the Italians thought of building a cruiser, you knew there'd be a lot of power but then they didn't stop there. The Diavel 1260 is a fusion of a superbike and a cruiser, creating a class of its own.





Hyundai Aura Test Drive Review: Worst Nightmare of Maruti Suzuki Dzire

The new Hyundai Aura has been launched at a competitive price range. With new and multiple segment-first features and extensive engine and gearbox options, the Aura presents a strong threat to the Maruti Suzuki Dzire's segment leadership. We drove the car in Indore to find out if the Hyundai Aura can topple off the existing king.





Ather 450X Electric Scooter Review | ‘X’ means more speed, comfort and range

Ather 450X Electric Scooter Review: Ather 450 found quite a lot of popularity in two major Indian cities, and now there is an 'X' in its name and personality. The changes are immense in how quickly it moves to how the rider interacts with it.





2020 TVS Apache RR 310 First Ride Review | Better enough to keep up?

2020 TVS Apache RR 310 Track Ride Review: The RR 310 has undoubtedly always been a performance machine with great looks, but now it reaffirms its position with better handling and features.





Suzuki Gixxer 250 review, road test: Why should one buy this motorcycle?

In this story, we aim to explore who exactly is the Suzuki Gixxer 250 aimed at and the good as well as not-so-appealing bits associated with it. This one is a naked street motorcycle and we concentrate first on its good points.





Suzuki Access 125 BS6 Road Test Review: The All-Rounder for Everyone!

Suzuki Access - a name that has been threatening other 125cc scooters out there in the market for years recently received a BS6 upgrade. Here is what all has changed on the scooter, for the good or bad, and should you buy it spending a little extra?





2020 Jaguar XE petrol review: Sporty and comfortable in a compact package

The new Jaguar XE has looks to kill for and at the same time has enough poke to tackle city as well as highway duties.





Gemopai Astrid Lite Road Test Review: Small is the new Big?

Gemopai's high-speed electric scooter Astrid Lite proved its mettle when it reached Murthal from Noida in a single full charge, covering 87 km. Here is how it performed on a day to day basis.





Royal Enfield Interceptor 650 Long Term Review: 1 Month, 1,500 km Update!

Our long-termer Royal Enfield Interceptor recently visited the Queen of Hills - Mussoorie! Here's how the latest addition to Express Drives' garage is to live with and if we encountered any problems with it during the initial run.





Hero XPulse T review: The lesser-talked about variant’s pros and cons explained

The Hero Xpulse T is supposed to be a road going tourer version but here is the catch behind this motorcycle.





Honda Activa 6G First Ride Review: King of scooters now bigger and better!

Honda Activa 6G gains multiple new features and now has a more environment-friendly engine. So, what does it pack in, how is it to ride and, most importantly, does it justify the Rs 8,000 premium in pricing? All these questions are answered below.





Maruti Suzuki Vitara Brezza Petrol Review: Much Improved but…

The Maruti Suzuki Vitara Brezza has now transformed from a diesel-only offering to a petrol-only offering. While the changes and feature updates to the new 2020 facelifted model are a few, can it still be a force to be reckoned with in its segment? We find out.





TVS iQube First Ride Review: TVS’ second innings in electric scooter territory looks a promising one!

During its second innings in the EV space, TVS is quite confident with the iQube and why not! In this review, we tell you if TVS' latest offering has got what it takes to be a worthy all-rounder.





BS-VI Royal Enfield Himalayan First Ride Review | Now in the best version of itself

BS-VI Royal Enfield Himalayan Review | To be honest, we couldn't take the new Himalayan out on, for example, a jungle trail. But we'll try to answer the only pressing question on our minds – is this the best Himalayan yet?





Toyota Glanza hybrid review: Is the disguised Baleno better or not?

The Toyota Glanza hybrid is one car which is hard to find faults with; perhaps just a bit more of creature comforts will have made it the go-to vehicle.





Honda Amaze Petrol CVT Automatic Long-Term Review: Impressive, Refined All-Rounder

Honda Amaze in its refreshed avatar is a much better looking car with improved features. However, unlike its rivals with cheaper AMTs, this one comes with a more expensive CVT. Is the Honda Amaze petrol CVT worth the extra money and how is it to drive? Read on.





2020 Tata Harrier BS6 automatic review: Hits and misses

The Harrier was supposed to be Tata’s second coming. But the SUV had its hits and misses with a detuned engine, no automatic offering and sparsely equipped interior. Despite being a handsome looking vehicle, the demand for the Harrier just never arrived. Now in 2020 guise, Tata claims to have ironed out all the niggles. We drove it to find out what’s new and does it have what it takes to reclaim lost ground.





Royal Enfield Interceptor 650 Long Term Review: 2 Months, 3,100 km Update!

Our long-termer Royal Enfield Interceptor 650 completes two astonishing months with us just before entering hibernation mode due to the 21-day lockdown. Here's our experience!





Renault Kwid AMT BS6 Review: Pros and cons of the Maruti Suzuki S-Presso rival

The Micro-SUV segment is just starting to take shape with Maruti Suzuki now getting on board with the S-Presso. But Renault, the pioneers of the segment, have updated the Kwid with a facelift that makes the little hatchback/SUV a little fresher. We drive to find out if the new changes have what it takes to stand strong against the new kids on the block.





Pharma shares index gains 40% in April; buy these 4 top stocks for long term investment | INTERVIEW

As India goes back under another lockdown till May 17, FMCG, retail and pharma sectors are likely to witness upticks in the demand.





Uncertainty creates volatility, here’s what investors could do to dodge the crisis | Interview

As uncertainty looms large, volatility again jumped 28% on Monday as equity markets resumed trading after a long weekend.





Interview: Covid-19 pandemic will accelerate digitalisation, says Anjali Bansal, founder, Avaana Capital

Startups must maintain their financial health by conserving cash, cutting down on costs and renegotiating their existing contracts.





Interview: Aim to break even in the next 18-24 months, says Fino Payments Bank EVP

Fino Payments Bank aims to break even in the next 18-24 months, executive vice president and head-products & alliances Ashish Ahuja tells Mitali Salian.





Webcast Preview: Revamp Your Video Marketing In 5 Steps

Join us on June 12 as we take an in-depth look at video marketing strategy





GST audit guidelines need to be reviewed to include video conferencing: Experts

As per the current goods and services tax (GST) audit guidelines, taxpayers have been broadly categorised into three groups based on their annual turnover -- large, medium and small.





Covid crisis: RBI Governor Shaktikanta Das meets NBFCs and MFs sector; reviews liquidity situation

Sectoral meetings, held separately in two sessions through video conference, were also attended by Deputy Governors and other senior officers of RBI, the central bank said in a statement.





Book Review: Al Arabian Novel Factory – A gripping tale which symbolises brutal societies and ruthless regimes

Al Arabian Novel Factory is the sequel to Jasmine Days, the story of young radio jockey Sameera Parvin, an immigrant in the city from Pakistan, and her guitar-playing colleague Ali Fardan.





Book Review: Stop Reading the News – A Manifesto for a Happier, Calmer and Wiser Life

A cautionary note on the heavy deluge of unnecessary knowledge that surrounds us.





Book Review: Stephenie Meyer’s Midnight Sun

Stephenie Meyer’s forthcoming Midnight Sun will be the long-anticipated retelling of Twilight from Edward Cullen’s point of view.





FM Nirmala Sitharaman to meet PSU bank chiefs on Monday; to review credit flow

The meeting, to be held via video-conferencing, will also take stock of interest rate transmission to borrowers by banks and progress on moratorium on loan repayments, sources said.






Book Review: 'The Tangled Web' By Michal Zalewski

No Starch Press: $49.95

If you are a security engineer, a researcher, a hacker or just someone who keeps your ear to the ground when it comes to computer security, chances are you have seen the name Michal Zalewski. He has been responsible for an abundance of tools, research, proof of concepts and helpful insight to many over the years. He recently released a book called "The Tangled Web - A Guide To Securing Modern Web Applications".

Normally, when I read books about securing web applications, I find many parallels where authors will give an initial lay of the land, dictating what technologies they will address, what programming languages they will encompass and a decent amount of detail on vulnerabilities that exist along with some remediation tactics. Such books are invaluable for people in this line of work, but there is a bigger picture that needs to be addressed and it includes quite a bit of secret knowledge rarely divulged in the security community. You hear it in passing conversation over beers with colleagues or discover it through random tests on your own. But rarely are the oddities documented anywhere in a thorough manner.

Before we go any further, let us take a step back in time. Well over a decade ago, the web was still in its infancy and an amusing vulnerability known as the phf exploit surfaced. It was nothing more than a simple input validation bug that resulted in arbitrary code execution. The average hacker enjoyed this (and many more bugs like it) during this golden age. At the time, developers of web applications had a hard enough time getting their code to work and rarely took security implications into account. Years later, cross site scripting was discovered and there was much debate about whether or not a cross site scripting vulnerability was that important. After all, it was an issue that restricted itself to the web ecosystem and did not give us a shell on the server. Rhetoric on mailing lists mocked such findings and we (Packet Storm) received many emails saying that by archiving these issues we were degrading the quality of the site. But as the web evolved, people started banking online, their credit records were online and before you knew it, people were checking their social network updates on their phone every five minutes. All of a sudden, something as small as a cross site scripting vulnerability mattered greatly.

To make the situation worse, many programs were developed to support web-related technologies. In the corporate world, being first to market or putting out a new feature in a timely fashion trumps security. Backwards compatibility that feeds poor design became a must for any of the larger browser vendors. The "browser wars" began and everyone had different ideas on how to solve different issues. To say web-related technologies brought many levels of complexity to the modern computing experience is a great understatement. Browser-side programming languages, such as JavaScript, became a playground for hackers. Understanding the Document Object Model (DOM) and the implications of poorly coded applications became one of those lunch discussions that could cause you to put your face into your mashed potatoes. Enter "The Tangled Web".

This book puts some very complicated nuances in plain (enough) English. It starts out with Zalewski giving a brief synopsis of the security industry and the web. Breakdowns of the basics are provided and it is written in a way that is inviting for anyone to read. It goes on to cover a wide array of topics, including the operation of browsers, the protocols involved, the various types of documents handled and the languages supported. Armed with this knowledge, the reader is enabled to tackle the next section detailing browser security features. As the author puts it, it covers "everything from the well-known but often misunderstood same-origin policy to the obscure and proprietary zone settings of Internet Explorer". Browsers, it ends up, have a ridiculous amount of odd dynamics for even the simplest acts. The last section wraps things up with upcoming security features and various browser mechanisms to note.

I found it a credit to the diversity of the book that technical discussion could also trail off to give historical notes on poor industry behavior. When it noted DNS hijacking by various providers it reminded me of the very distinct and constantly apparent disconnect between business and knowledge of technology. When noting how non-HTTP servers were being leveraged to commit cross site scripting attacks, Zalewski also made it a point to note how the Internet Explorer releases only have a handful of prohibited ports but all other browsers have dozens that they block. The delicate balance of understanding alongside context is vital when using information from this book and applying it to design.

Every page offers some bit of interesting knowledge that dives deep. It takes the time to note the odd behaviors small mistakes can cause and also points out where flawed security implementations exist. This book touches on the old and the new and many things other security books have overlooked. Another nice addition is that it provides security engineering cheatsheets at the end of each chapter. To be thorough, it explains both the initiatives set out by RFCs while it also documents different paths various browser vendors have taken in tackling tricky security issues. Google's Chrome, Mozilla's Firefox, Microsoft's Internet Explorer, Apple's Safari and Opera are compared and contrasted greatly throughout this book.

In my opinion, the web has become a layer cake over the years. New shiny technologies and add-ons have been thrown into the user experience and with each of them comes a new set of security implications. One-off findings are constantly discovered and documented (and at Packet Storm we try to archive every one of them), but this is the first time I have seen a comprehensive guide that focuses on everything from cross-domain content inclusion to content-sniffing. It is the sort of book that should be required reading for every web developer.

 -Todd








Renewable Energy Review: Italy

Developers, manufacturers, investors and other renewable energy industry stakeholders need to know where the next big market is going to be so that they can adjust their business decisions accordingly.





Renewable Energy Review: Finance Mechanisms

Developers, manufacturers, investors and other renewable energy industry stakeholders need updates on the latest and greatest finance mechanisms available today. Since 2003, global consultancy Ernst & Young has released its Country Attractiveness Indices, which ranks global renewable energy markets by analyzing investment strategies and resource availability.