Under PCI DSS, SQL injection is considered a major threat to web applications that handle card data. What is SQL injection? How is it done? See SQL injection in action.
The best way of storing passwords is hashing them with a salt. What is a hash? What is a salt? Find out.
The AES algorithm is a symmetric-key cryptographic algorithm that PCI DSS permits and prefers. A 256-bit key length is preferred, though 128 bits is acceptable. A beautiful visualization of how the AES algorithm works under the hood.
Daniel Compton, Information Security Consultant at 7Safe, walks through a real-life example of a credit card data hack of a seemingly secure corporate network using "client-side attacks" and "pivot attacks".
Application Patch Management principles
What do we mean by Change Management
Introduction to Web Application Firewalls
Introductory concepts in secure coding
Many IT developers and network administrators believe that password stealing on a network is an over-hyped threat. See a demo to judge for yourself. The tool used is Wireshark, a free, open-source network sniffer.
Hashing is one of the permitted methods under PCI DSS to render card data unreadable. This presentation explains the basics of hashing. Permitted hashing algorithms change, so please keep an eye on the PCI Security Standards Council for the latest guidelines on hashing.
An excellent use of tokenization to eliminate card data from customer communications.
This introductory video explains buffer overflows, a class of bug that leads to applications getting hacked.
This gives a layman's introduction to a simple cross-site scripting attack. Under Requirement 6 of PCI DSS, applications should not be vulnerable to cross-site scripting attacks.