As most people know, merchants, financial institutions and anybody else who is involved in processing credit cards are subject to the PCI DSS compliance to reduce fraud and cybersecurity risks. This affects both brick-n-mortar stores and banks as well as card-not-present (CNP) transactions that happen online. PCI DSS requirements are overseen by the PCI Security Council. Overview of PCI Requirements: “PCI Security Standards are technical and operational requirements set by the PCI Security Standards Council…
Some of my best friends are ethical hackers. With the holidays approaching, these special people in my life will need special presents. Whether they are bounty hunting, pentesting as a part of a consulting project, doing security research to advance the field or working on a Red Team, they will want tools and information to make their life easier in the new year. Pick one of the Xmas gifts from the list below, and you…
Today we will explore an exciting method to remotely execute code even if an administrator set disable_functions in the PHP configuration file. It works at most popular UNIX-like systems. CVE-2018–19518 was assigned to the vulnerability was found by a man with the @crlf nickname. Let’s see details of that vulnerability and how can we exploit it. Testing Environment For testing manipulations, we need to up a testing environment. I’ll use docker container with Debian 9…
If you have not registered yet for the main Kubernetes event in North America which will start on December 10th in Seattle, you may be out of luck. The event is sold out and is only taking the waitlist applications. But if you are going, KubeCon + CloudNativeCon promises to be a treat with the content geared for developers, IT professionals, and C-level leaders. The topics will include emerging trends in microservices architectures, cloud deployments…
Envoy, the new darling of the DevOps community, performs the role of a service and edge proxy. With advanced features such as timeouts, rate limiting, circuit breaking, load balancing, retries, stats, logging, and distributed tracing are required to handle network failures in a fault tolerant and reliable way it’s a solid choice as an API gateway and/or to manage communications among microservices in order to ensure application performance. Envoy’s out-of-process architecture can be used with…
By @aLLy , Wallarm Research Hello guys, time to talk details about Wallarm FAST (Framework for Application Security Testing). It’s a new automatic web vulnerability scanning and fuzzing detection tool by Wallarm Inc. It is well suited for security researchers in enterprise Red Teams as well as for teams in charge of test automation in CI/CD environments. The main goal of the tool is to help significantly increase security test coverage and to use Wallarm learned…