A recent report revealed a 32% increase in cross-site scripting (XSS) and SQL injection attacks on the web-facing and cloud applications that carry sensitive information about organisations and their customers.
Advances in technology and ever-increasing knowledge around these attack techniques mean that this is set to increase. In light of this, organisations should brace themselves for a spate of activity.
Posted in News
Tagged cross-site scripting, Imperva, Leeds, penetration testing, Sec-1 Ltd, SecureSphere, SQL injection, WAF, Web Application Firewall, web applications, XSS
As defined by the Payment Card Industry Security Standards Council (PCI SSC), the cardholder environment (CDE) consists of the people, processes and technology that process, transmits or stores cardholder data or sensitive authentication data, including any connected systems components.
This means a penetration test of the CDE must include the analysis of card data flow in electronic form on any system within the CDE and any connected systems.
Sec-1 is delighted to have supported the 2013 Cyber Security Challenge UK last weekend as part of the first cyber camp of its kind to be held in Scotland.
The Cyber Security Challenge is a nationwide set of competitions to recruit talented people into the field of cyber security to continue the UK’s fight against online crime.
Automated scanning tools have their place, but should never be seen as a replacement for manual testing and an effective combined security strategy. We’ve produced a whitepaper explaining why. Below you will find a couple of short snippets from the paper:
What is automated scanning?
Simply put, automated testing is a means to provide breadth during a security assessment to reduce the time and effort required to discover and report on issues.