Twitter
Daniel Compton, Information Security Consultant of 7Safe takes through a real life example of credit card data hack through seemingly secured corporate network using ”client side attacks” and “pivot attacks”.
Category: PCI DSS Requirement 11 Security Testing
A short video on how simple it is to crack WEP using AirPcap and Cain and Abel in Windows. Never use WEP in secured environments.
Introduction to a free Open Source HIDS solution OSSEC, that fulfills HIDS requirements under PCI DSS. It also has Log Management features.
Introductory concepts in Security Coding
Introduction to Penetration Testing.
An introduction to assessment techniques: Baseline Reporting, Code review, application design review, and architecture review
This presentation explains the difference between WEP and WPA. WEP is not permitted in PCI DSS, and currently only WPA2 is a permitted wireless encryption protocol.
Many IT developers and Network administrators believe that Password stealing on network is a threat hyped up. See a demo to judge for yourself. The tool used is Wireshark, which is a free open source network sniffer.
This video explains how to install SNORT, a powerful open source Intrusion Detection System. As per PCI DSS, an Intrusion Detection System is required to monitor Internet traffic, and card data traffic in internal network.
A short video on configuring the free web application security scanner, Nessus from Tenable security. Nessus also has a PCI DSS plugin. Nessus is a permitted tool under PCI DSS.
This video gives an introduction to Buffer Overflows, which lead to applications getting hacked. This is an introductory video on Buffer Overflows.
Wireless Encryption Protocol WEP is not permitted under PCI DSS as a mode for transmission of card data. See a demonstration of WEP being cracked. Usage of WEP has been identified as one of the biggest threats to card data security.
This gives a lay man introduction to a simple cross site scripting attack. Under Requirement 6 of PCI DSS, applications should not be vulnerable to cross site scripting attacks.
Please enable Javascript and Flash to view this Viddler video. Overview in FAQ format