Friday, 23 April 2010

Hacking ATM

A really good presentation by Dimitris Petropoulos about ATM and HSM hacking, which combines all known and new attacks on PIN algorithms. A must-see for everyone interested in PIN (in)security :)

Thursday, 22 April 2010

NEW TOPIC: "Complying with PA-DSS" Requirement 5.2.1 (Practical guide to fixing XSS vulnerabilities)

In the "Complying with PA-DSS" topic I will show different ways to help you comply with the various requirements.
Since we started talking about web application security in the previous topic, let's continue in this area. The most popular web application vulnerability is XSS, as mentioned earlier, so here is a guide for developers on how to fix XSS vulnerabilities and write secure code.
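The core of any XSS fix is encoding untrusted data for the exact output context it lands in (HTML body, HTML attribute, JavaScript string, URL parameter), not blacklisting input. The following is an added example written for this page, not the author's guide or any project's code; the function names and the attacker payload are constructed for illustration. It shows a "before" render that concatenates a request parameter straight into HTML and an "after" render where each sink gets the encoder for its own context:

```python
# Added example (not from the original post): contextual output encoding
# as the fix for reflected XSS. Function names and the payload are constructed.
import html
import json
from urllib.parse import quote

# Constructed attacker-controlled input, e.g. a ?name= query parameter.
PAYLOAD = '"><script>alert(document.cookie)</script>'


def render_vulnerable(name: str) -> str:
    """'Before': untrusted input concatenated straight into HTML.

    The payload closes the value="..." attribute and injects a live
    <script> tag, so the browser executes attacker JavaScript."""
    return f'<p>Hello, {name}</p><input value="{name}">'


def encode_html(value: str) -> str:
    """HTML body and double-quoted attribute context.

    Escapes & < > " and ' so the data cannot break out of the text node
    or the attribute value it is placed in."""
    return html.escape(value, quote=True)


def encode_js_string(value: str) -> str:
    """JavaScript string-literal context inside a <script> block.

    JSON-encoding handles quotes and backslashes; '<' and '/' are
    additionally escaped so a literal '</script>' in the data cannot
    terminate the script element (the HTML parser runs first)."""
    return json.dumps(value).replace("<", "\\u003c").replace("/", "\\/")


def encode_url_param(value: str) -> str:
    """URL query-parameter context: percent-encode everything except
    unreserved characters, so the data stays inside one parameter."""
    return quote(value, safe="")


def render_fixed(name: str) -> str:
    """'After': the same page, each sink encoded for its own context."""
    return (
        f"<p>Hello, {encode_html(name)}</p>"
        f'<input value="{encode_html(name)}">'
        f'<a href="/search?q={encode_url_param(name)}">search</a>'
        f"<script>var user = {encode_js_string(name)};</script>"
    )


def contains_live_tag(markup: str) -> bool:
    """Crude check used here only to show whether a raw, parser-visible
    <script> tag survived rendering."""
    return "<script>alert" in markup


if __name__ == "__main__":
    print("vulnerable:", render_vulnerable(PAYLOAD))
    print("fixed:     ", render_fixed(PAYLOAD))
```

Note that there is no single "escape" function: the same input needs different encoding for each of the four contexts above, and using the HTML encoder inside a JavaScript string (or vice versa) still leaves an injection. Untrusted data placed into a JavaScript event handler attribute or a CSS value needs yet another encoder and is best avoided altogether.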

Importance of web application security in PA-DSS certification

WhiteHat Security published a report with statistics about web application vulnerabilities, which shows the importance of the web application security assessment required by Requirement 6.5 of PCI DSS and Requirement 5.2 of PA-DSS.
More on the importance of application security in PA-DSS assessments will be in the presentation from Cardexpo, which will be available soon.

Tuesday, 20 April 2010

OWASP Top 10 Final version Released

On April 19, 2010 OWASP released the final version of the OWASP Top 10 for 2010, and here is the associated press release.

The OWASP Top 10 Web Application Security Risks for 2010 are:

A1: Injection
A2: Cross-Site Scripting (XSS)
A3: Broken Authentication and Session Management
A4: Insecure Direct Object References
A5: Cross-Site Request Forgery (CSRF)
A6: Security Misconfiguration
A7: Insecure Cryptographic Storage
A8: Failure to Restrict URL Access
A9: Insufficient Transport Layer Protection
A10: Unvalidated Redirects and Forwards

Now you must use those risks in PCI DSS and PA-DSS compliance assessments.

Monday, 19 April 2010

New topic: latest certified PA-DSS applications

From this day on I will post here the latest PA-DSS certified applications:

This week we have 2 press releases:

1. 17 April 2010: SalePoint Announces PA-DSS Validation of Trovato Point of Sale Software
2. 13 April 2010: Hypercom Payment Software Earns PCI PA-DSS Security Validation

PA-DSS and open-source applications

A really good article about the problems of certifying open-source applications.

As I see it (and my point of view is the same as in the article), most of the problems lie in the development process. Things like the SDLC, secure updates, change control and documentation of the process are really hard to implement when you talk about open-source software. And of course there is the problem of paying for certification; I don't think developers can pay 30k$ or so for the certification process )

Friday, 16 April 2010

Developer's Guide to PCI DSS and PA-DSS Requirements

While searching for information for my upcoming talk about Application Security and PA-DSS Compliance at the CardExpo conference, which will be held in Moscow (Russia) on 20 April, I found a good video for developers about PCI and PA-DSS compliance from OWASP MSP 2009 by Sets Peter.