by John Verry | May 11, 2018 | Penetration Testing
Editor’s Note: This post was originally published in September 2015 and has been updated for accuracy and comprehensiveness. For some time, CPA firms, qualified security assessors (QSAs) and similar entities that focus on security attestation have been including...

by John Verry | Mar 6, 2018 | Security Awareness Training
For an organization to comply with Payment Card Industry Data Security Standard (PCI DSS) Requirement 12.6, they must have a formal security awareness program in place. On reviewing a number of these programs over the last few years, I have been surprised to note how...

by Bhaumik Shah | May 21, 2015 | Security Awareness Training
Hackers are relentless in their targeted attacks on application-level security vulnerabilities. The way to mitigate these risks is to write more secure code. Cybercrime risk isn’t the only reason to focus on software security. It’s mandated as part of many information...

by John Verry | Jun 24, 2009 | Penetration Testing
At first blush, providing credentials to a tiger team conducting penetration tests sounds like giving the fox a key to the chicken coop. However, there are many cases where it can provide significant value. For example, you want to assess whether an authenticated...