Posts Categorized: Penetration Testing Certificate

Penetration Testing Certificate

A Penetration Testing Certificate that details key features of a recent test can be invaluable. It is an independent verification that a test on particular networks or technology components has taken place on a particular date or period of time. Also included are the testing methodologies and security standards employed to support the security assessment. Why Is... Read more »

ASV Scan Responsibilities

Approved Scanning Vendor

The ASV Program Guide describes the various responsibilities for all parties involved in the PCI ASV Scanning process. There are a number of parties, but here we’re just concentrating on two. They are the scan customer (you) and the Approved Scanning Vendor (Ambersail). The following text is taken from the official ASV program guide, which… Read more »

Cheat Sheet: Virtual Web Application Patching

Do you operate public-facing web applications in your card data environment? Here’s a pointer to a great source of information from the Open Web Application Security Project (OWASP) on the subject of virtual patching. What is virtual patching? Within the context of web vulnerabilities, this refers to the practice of applying a defensive layer to intercept… Read more »

Apple iOS Security Guide

Apple has (somewhat quietly) published a guide to iOS security. If you’re building apps on the iOS platform, then this document will certainly be of interest to you. For example, there are details of the platform’s data protection and encryption mechanisms. Download the PDF from here.