The PCI DSS is a minimum set of requirements designed to help organisations protect customer cardholder data, minimise fraud, plus prevent, detect and respond to cyber-attacks. All organisations that accept and/or process credit card payments are required to undertake an annual PCI DSS audit of security controls and processes, covering areas of data security such as retention, encryption, physical security, authentication and access management. Version 3.2 of the PCI DSS was introduced in 2016.

During a recent bug hunting binge I discovered my first two vulnerabilities that could be exploited to achieve remote code execution (RCE). No bragging rights were earned though, because finding and exploiting these issues was incredibly straightforward. I’m not humble bragging here (I wish). In fact, the issue underlying both vulnerabilities, which each affect a different content management system (CMS), is very basic and was literally the second thing I checked for.

Although businesses have been tasked with addressing a number of remote assets associated with off-site resources such as a sales force that’s often mobile, the number of remote endpoints has grown exponentially. The laptops and mobile devices needed to facilitate working from home full-time for a large percentage of their workers given recent global events has exploded.

OWASP stands for The Open Web Application Security Project. It is a non-profit foundation that works to improve application security for software. Through community-led projects globally, it is a great source for tools, resources, education & training for developers and technologists to secure the web and mobile applications. Read our article to learn more about the OWASP top 10 vulnerabilities with examples.

Nginx is the web server powering one-third of all websites in the world. Detectify Crowdsource has detected some common Nginx misconfigurations that, if left unchecked, leave your web site vulnerable to attack. Here’s how to find some of the most common misconfigurations before an attacker exploits them. Nginx is one of the most commonly used web servers on the Internet due to it being lightweight, modular, and having a user-friendly configuration format.

Over the past year, the financial services industry has been challenged with pivoting its operations to a fully digital model, putting the security of its software center stage. Despite the unanticipated pivot, our recent State of Software Security v11 (SOSS) report found that the financial services industry has the smallest proportion of applications with security flaws compared to other sectors, along with the second-lowest prevalence of severe security flaws, and the best security flaw fix rate.

A Government Business Council report from September of this year found 63% of federal employees are fully remote, with many expecting to remain that way for at least the next six months. In this new reality, mobile devices have become a critical lifeline. But the mobile phones and tablets that keep us efficient and effective also open our organizations up to new risks against which existing security does not defend.