Posts Categorized: security

Blocking Your Penetration Tester is a Bad Idea

What’s wrong with blocking your penetration tester? You’ve invested in technologies that prevent the bad guys from scanning your site and finding problems that they might be able to exploit. To be sure things are working, you commission a penetration test, and ask the penetration tester to see if the defences can be defeated. You block… Read more »

What is SQL Injection?

What is it? Put simply, SQL or sometimes “sequel” injection is a web site security fault that enables a hacker to steal the private or confidential data that you have available on your web site. It is surprisingly common, can have a devastating business impact, and is easy to prevent. Now you too can answer the question “What… Read more »

6 Signs Of Poor Cyber Security Health

Business owners: is your cyber security health at risk? I can tell you that the bar for cyber security health in many small businesses is very low indeed. There are two important facts I’d like to point out concerning the cyber security health of the nation. Firstly, that the economy consists mostly of smaller businesses, many… Read more »

Cyber Essentials

We’re pleased to announce that Ambersail is a Cyber Essentials Certification Body and we can help you achieve either Stage 1 or Stage 2 compliance as required. Cyber Essentials is a UK Government-sponsored scheme open to organisations of all sizes. It includes a formal certification showing adherence to a basic set of information security controls. It is… Read more »

PCI: Your eCommerce Web Sites Are In Scope

“Essentially, all merchant eCommerce sites that previously escaped mandatory security assessment can no longer be overlooked.” We now anticipate that many small merchants will find their web sites in scope for PCI compliance under PCI DSS v3. We wrote earlier this year concerning the potential for scope changes brought about by PCI DSS v3. Now that the official v3 SAQ documents… Read more »

Apple Secure Coding Guide

We note that Apple has just released a document entitled “Secure Coding Guide” and it covers OSX and iOS development. From the intro: “Secure coding is important for all software; if you write any code that runs on Macintosh computers or on iOS devices, from scripts for your own use to commercial software applications, you… Read more »

Recovering from a Hacking Incident: A Guide

By Andrew Lisa

Getting hacked is never fun, all too common, and never 100 percent preventable. Hackers can impersonate you, damage your online reputation, or steal your money. In the event that it happens to you – and it’s very likely that it may – the actions you take in the immediate aftermath will determine… Read more »

The Impotence of Passwords

No, that’s not a typo. More evidence has emerged that millions of people choose poor quality passwords. This is perhaps less surprising than it is disappointing. Why are we still having this discussion? Why is the most widely-deployed authentication factor in the world so poorly implemented? Unfortunately, the truth lies in the fact that, if… Read more »