PCI DSS 3.2 and Changes to PCI SAQs
PCI DSS 3.2 became mandatory on 1 November 2016. This article discusses the changes the new version of the standard introduces to the Self-Assessment Questionnaires (SAQs).
At Dionach we are proud of our well-established research and development programme. Our team of consultants is focused on continually uncovering new technical vulnerabilities in software and hardware, raising the bar in security assessment services and sharing our knowledge through whitepapers and various industry channels.
Through the responsible disclosure process we have published numerous vulnerabilities in leading software applications that our team has identified.
As part of our commitment to remaining vendor independent and offering the best technical solution to each client engagement, we also develop proprietary security tools for testing methods including vulnerability scanning, spear phishing and security auditing. In practice, our consultants have a wide range of commercial, open-source and custom tools at their disposal to deliver industry-leading outcomes for our client base.
Some of our custom tools are published as open source on Dionach’s GitHub page: https://github.com/Dionach.
One of the biggest risks with selling used or second-hand computers is the chance the new owner will be able to recover usable information from the hard drive. Over the years, a large number of different people and companies have demonstrated that used computers are frequently sold without having been
The majority of Android applications we test, even critical apps, do not prevent an attacker from successfully analysing, reverse engineering or modifying the app’s binary code. Most Android apps can easily be decompiled into readable source code that resembles the original. What can an attacker potentially do with an application’s
Cross-site scripting (XSS) is probably the most prevalent high risk web application vulnerability nowadays, and yet it is still one of the most overlooked by developers and defenders alike. At Dionach we have experienced a few situations when reporting XSS in penetration test reports as a critical or high risk
Macro malware has been on the rise over the past couple of years, but unlike in the 90s, the authors now include sophisticated threat actors working on behalf of organised crime syndicates and nation state entities, which makes this throwback threat all the more serious the second time round. This post details the issue and what can be done to help combat it.
In a recent external penetration test, I was able to chain multiple vulnerabilities together, allowing me to fully compromise one of the client’s servers. Whilst many of these vulnerabilities were low risk, it is important to take care of every security vulnerability to minimise risk to systems. The scope was
LogMeIn Rescue is a well-known and widely used remote access tool, primarily designed for IT staff to provide end users with support. A typical LogMeIn Rescue session will look something like this: A user calls the support technician with a problem. The technician sends the user a link, which lets
Antonio Sánchez, Lead Consultant
In a recent web application penetration test I was challenged with figuring out how to fully compromise a client’s website. The site was using the latest version of WordPress, and although they had a few plugins installed, they seemed to be patched as well. However, I
Rona Young, Head of Global Marketing & Communications
I recently joined Dionach, an independent information security consultancy, after spending most of my career managing crisis communications (reputation protection) and marketing operational risk management services within HSE consultancies. Rising to the challenge of learning a new industry, its services and methods