Payment Card Industry (PCI) – Data Security Standard is standard set based on a consensus based process led by 5 major credit card companies. It is not a government enforced standard and compliance is enforced by the credit companies.
Non-compliance results in higher fees and severe fines in the event of breach. All merchants and service providers collecting and processing credit card transactions are required to comply with the PCI-DSS. Version 1.2 of the standard was released in October 2008.
Section 6.6 of the PCI-DSS requires that for all public-facing applications, new threats and vulnerabilities should be addressed on an on-going basis and ensure that the applications are protected against know attacks.
Continue reading “PCI Compliance-Code Review or Web Application Firewall”
Wireless network has become one of the weakest security links in IT infrastructure in recent times. Many security incidents have been linked to weak configuration of the Wi-Fi router at home / office. This article gives a checklist of 7 basic steps to secure your Wi-Fi router. Continue reading “7 Basic Steps to Secure Your Wireless Router”
Basic Security Module or BSM is the audit tool used by Solaris Operating System. The BSM files are located in the /etc/security directory. To enable the BSM, the administrator has to run the bsmconv script. This script creates a number of files in the /etc/security directory. In this article we shall discuss two important files that are created viz. Audit Control File and Audit User File Continue reading “Audit of Solaris BSM – An Overview”
Imagine the situation of losing one’s laptop. What is the cost? It involves not only losing a significant expense but also the data stored in it which may range from personal data like photos, important numbers, music, software etc to corporate data where the cost involved could be unimaginable. A recent survey conducted by Dell and Ponemon Institute reveals that upto 12000 laptops are stolen in the United States Airport every week. This means one laptop is getting stolen every 50 seconds approximately!! Continue reading “US loses one laptop every 50 seconds in its airport!!”
Web applications are those that are accessed using web browsers like Firefox or Internet Explorer. The protocol used by web applications is called Hyper Text Transfer Protocol (HTTP). The secure version of this protocol is HTTPS.
Continue reading “Session Management in Web Applications”
Botnets are suddenly in the news for all the wrong reasons. What are botnets and why are they in the news?
Continue reading “Botnets – What you need to know”