Insider Security Threats: Reducing The Risks

A high-profile news article published last week brought the risk of insider threats from current or disgruntled employees to reality. A high profile retailer suffered the loss of thousands of employee data records at the hands of an employee who has since been arrested.

This real life example and the exposure of this attack has propelled this type of threat to the forefront with a recent study by Sec-1 partner, Imperva, identifying that 70% of employees admit to accessing data which they shouldn’t.

Continue reading

Posted in News, White Papers | Tagged , , , , , , | Comments Off

ShareCheck Windows Enumeration Tool v2.0

Sec-1 ShareCheck

The Sec-1 ShareCheck tool was designed for use during penetration tests against Microsoft Windows based networks. The aim of ShareCheck is to quickly identify configuration vulnerabilities that could be exploited to gain unauthorised access to systems and data without using aggressive exploit techniques.

ShareCheck helps identify the following vulnerabilities:
Continue reading

Posted in Tools | Leave a comment

Time For Better Web App Security As SQL & XSS Threats Surge

A recent report revealed a 32% increase in cross-site scripting (XSS) and SQL injection attacks on the web-facing and cloud applications that carry sensitive information about organisations and their customers.

Advances in technology and ever-increasing knowledge around these attack techniques mean that this is set to increase. In light of this, organisations should brace themselves for a spate of activity.

Continue reading

Posted in News | Tagged , , , , , , , , , , | Comments Off

PCI DSS 3.0, Requirement 11.3: The Segmentation Issue

PCI PicAs defined by the Payment Card Industry Security Standards Council (PCI SSC), the cardholder environment (CDE) consists of the people, processes and technology that process, transmits or stores cardholder data or sensitive authentication data, including any connected systems components.

This means a penetration test of the CDE must include the analysis of card data flow in electronic form on any system within the CDE and any connected systems.

Continue reading

Posted in News, White Papers | Tagged , , , , , , , , | Comments Off

Booking Now Open for Free Seminars

Pen Testing Seminar 010313We run regular complimentary 1-day Penetration Testing Seminars (PTS) across the UK, and we’ve recently announced dates and locations for our last seminars of 2013.

They are:

  • 11th October 2013 – Manchester (Now fully booked)
  • 1st November 2013 – London
  • 6th December 2013 – Newcastle

Continue reading

Posted in News | Tagged , , , , , , | Comments Off

Sec-1 Supports 2013 Cyber Security Challenge

Sec-1 is delighted to have supported the 2013 Cyber Security Challenge UK last weekend as part of the first cyber camp of its kind to be held in Scotland.

The Cyber Security Challenge is a nationwide set of competitions to recruit talented people into the field of cyber security to continue the UK’s fight against online crime.

Continue reading

Posted in News | Tagged , , | Comments Off