Category Archives: White Papers

Hunting HTML 5 postMessage Vulnerabilities

Download Paper: Hunting postMessage Vulnerabilities. Download Sample Code: sample code. Sec-1 Ltd partnered with AppCheck.com to undertake a research project investigating the security challenges posed by next generation web applications. The project included an investigation of Cross-Origin communication mechanisms provided … Continue reading

Posted in News, Tools, White Papers

Goodbye 2014 & PCI DSS 2.0

As of the 1st Jan 2015 you cannot validate against PCI DSS Version 2 and must submit all validations against PCI DSS Version 3.0. With this in mind we’ve produced an insightful new 8-page ‘Christmas-themed’ whitepaper, written by a Sec-1 … Continue reading

Posted in News, White Papers

Insider Security Threats: Reducing The Risks

A high-profile news article published last week brought the risk of insider threats from current or disgruntled employees to reality. A high profile retailer suffered the loss of thousands of employee data records at the hands of an employee who has since … Continue reading

Posted in News, White Papers

PCI DSS 3.0, Requirement 11.3: The Segmentation Issue

As defined by the Payment Card Industry Security Standards Council (PCI SSC), the cardholder environment (CDE) consists of the people, processes and technology that process, transmit or store cardholder data or sensitive authentication data, including any connected system components. This … Continue reading

Posted in News, White Papers

Paper: Automated Scanning v Manual Testing: Do you know the difference?

Automated scanning tools have their place, but should never be seen as a replacement for manual testing and an effective combined security strategy. We’ve produced a whitepaper explaining why. Below you will find a couple of short snippets from the … Continue reading

Posted in White Papers

Paper: Exploiting Transparent User Identification

This whitepaper details how a common mechanism employed by multiple Internet filtering and firewall vendors can be leveraged to gain local administrator access to domain clients, followed by domain wide administrator access given a set of conditions. Download: Whitepaper (PDF) Whitepaper … Continue reading

Posted in White Papers