This whitepaper discusses the basics of firewalls and the relationships between firewalls, segmentation, and the PCI DSS. Also presented are a step-by-step discussion of firewall ruleset reviews and a discussion of tight firewall rules, PCI scope, security levels, and bastion hosts.
When a payment application must be PA-DSS Validated, the following are needed: technical expertise to interpret the PCI SSC's PA-DSS accurately; forensics experience to begin the PA-DSS Validation properly; and technical writing skills to develop the PA-DSS Implementation Guide smoothly.
This Whitepaper presents the concept of organizations working toward resiliency, aided by information security professionals in five distinct teams. Advisory Services, Profiling & Penetration, Audit & Compliance, Risk Management, and Business Preservation Services professionals combine their skills and expertise to foster and support organizational resiliency. The paper uses an analogy of a boxer whose corner people help him to become resilient by managing, training, and sparring with him.
This whitepaper will discuss the new security issues with web services, describe a new web service testing methodology, discuss new Metasploit modules and exploits for attacking web services, and introduce a collection of open source vulnerable web services designed to be used within the Damn Vulnerable Web Application (DVWA) that can be used by penetration testers to test web service attack tools and techniques.
This white paper discusses and illustrates how to exploit a vulnerability in certain versions of Promise Technology’s Web based Promise Array Management (WebPAM) Software in order to obtain remote command execution on the server on which WebPAM is running. The WebPAM software is used to “simplify RAID storage management”. The attack takes advantage of a publicly accessible interface which allows SQL commands to be run on the underlying HSQL database. Using this interface it is possible to create a stored procedure which allows an attacker to compromise the underlying operating system.
Performing hundreds of Vulnerability Assessments for clients, I encountered many Vulnerability Management Programs which provided little value to the organization. The problems in some Programs were so severe they easily could be placed in the following list.
This Whitepaper discusses the necessity and process of building security into your Software Development Life Cycle (SDLC). It covers the steps needed to undertake the process while avoiding common pitfalls, and looks at where security needs to fit into the SDLC.
SiteScape Enterprise Forum is a web application that provides a large scale collaborative environment. It is used by many organizations for communication and documentation. The application itself is capable of running on both IIS and Apache, making it an attractive solution to a variety of companies. Part of the power behind SiteScape Forum is the ability for it to be extended with custom code by the developers. It is through this functionality that it can be exploited to ultimately compromise the server. This white paper will discuss practical exploitation of a vulnerability within a specific resource of the SiteScape Forum web application.
This white paper delineates the threats that botnets pose and goes over the history and proliferation of botnets. In addition, it outlines security controls that can mitigate the risk.
This is a whitepaper on how to determine passwords for social network accounts through information posted on the profiles of social network users.
This is a case study of an information security analysis of many leading social media websites designed for children. This paper presents the findings of Web application security reviews of multiple sites, and discusses where the sites are proficient and, more importantly, gaps identified which could allow an attacker to prey on children.
A worksheet designed to assist an auditor in the process of selecting a penetration tester.
SecureState’s Matt Davis discusses many of the business challenges banks face in becoming PCI compliant given their many roles, and thus how likely it is that most are out of compliance.
SecureState’s Matt Davis discusses why Mainframe systems aren’t as robust in information security as many think. He discusses how they are the core of processing all critical data and transactions and how they can easily be breached in most environments.
SecureState discusses a manufacturing company's Internet facing media portal and its use of encryption on top of the Web application in an attempt to thwart attacks from hackers.
Official guidelines for social media at Company XYZ.
In this paper, SecureState President and CEO Ken Stasiak explains in detail the simple, cost effective steps small organizations can take to keep their information secure.
SecureState’s Matt Davis discusses HIPAA and those individuals who must abide by it to understand the current state of compliance. In addition, he discusses what needs to change to avoid involving FEMA or DHS.
SecureState's own Dave Kennedy has released another Windows exploit, bypassing hardware-based Data Execution Prevention (DEP) on Windows 2003 Service Pack 2.