403 Blogs

June 2012 (5 posts)

Reminder About "New" PCI DSS Requirements

We wanted to remind those organizations impacted by the Payment Card Industry Data Security Standard (PCI DSS) that two “best practices” will be maturing and going into effect as requirements after June 30th.

Both of the soon-to-be requirements fall under the section of the Standard devoted to developing and maintaining secure systems and applications (Requirement 6).

Jun 27, 2012
#pcidss #submission #pcidss6.2.a #pcidss6.5.6 #compliance #infosec #security #pci #pcissc #development #application

Things to Consider When Using Wi-Fi

As a frequent business traveler and coffee shop web surfer, I am becoming more and more cognizant of what I am connecting to when it comes to Wi-Fi networks. Not only am I aware of what types of networks I am connecting to, but also where I am connecting (e.g. coffee shops, hotels, airports, etc.). Granted, my awareness is heightened due in part to the fact that I work in the Information Security field with some exceptionally brilliant minds who know the ins and outs of public and private Wi-Fi networks.

Recently, an article was published by Information Week that delved into some strategies for blocking hotel Wi-Fi malware. The post was inspired by a recent FBI advisory that made a point to mention that malware authors are targeting travelers abroad via pop-up in-browser windows.

At first glance you may say to yourself that you rarely travel abroad, therefore, you have nothing to worry about. Even if that is the case, you should always keep your guard up. Although the recent advisory was pointed at travelers abroad, the security essentials that the article points to can, and should, be applied to anyone.

Jun 8, 2012 (1 note)
#wifi #infosec #security #wireless #network #malware #travel #submission

Practical Malware Analysis – Another Hit From No Starch Press

Malware analysis is an obsession for me. So when I heard that No Starch Press was coming out with a new book called Practical Malware Analysis (also available at Amazon), I had to pick it up. Having read several No Starch Press books, I was confident that the content of the book was going to be good. Once again, No Starch Press did not let me down.

The writers, Michael Sikorski and Andrew Honig, did an excellent job of starting off with the basics. They include a “Chapter 0,” called Malware Analysis Primer, before diving into the more in-depth concepts. From there, the book consists of six major parts, each comprising three to four chapters. The huge bonus of this book in my eyes is the hands-on labs at the end of each chapter. These labs help solidify the concepts that appear within the chapter.

For those who may be considering checking out the book, I thought I would include a brief description of each section here:

Jun 4, 2012
#malware #analysys #nostarchpress #c++ #book #infosec #security #submission

Secure Application Development and the OWASP Top 10 (Pt. 2 of 10)

This is part 2 of a 10-part series. You can check out part 1 here.

Some of you may already be familiar with the Open Web Application Security Project (OWASP) and its Top 10 2010 list due in part to Requirement 6.5 of the Payment Card Industry Data Security Standard (PCI DSS):

6.5 Develop applications based on secure coding guidelines. Prevent common coding vulnerabilities in software development processes.

For those of you who are not familiar with OWASP and their Top 10, the OWASP Top 10 2010 was aimed at highlighting simple problems that can plague applications and ultimately undermine security.

If you missed it, be sure to check out the previous post on A1: Injection. Here’s the second OWASP application security risk, A2: Cross-Site Scripting.

Jun 1, 2012 (1 note)
#XSS #pcidss #pentest #submission #owasp #application #development #infosec #security #coding #6.5

403 Labs Becomes P2PE Qualified Security Assessor and P2PE Payment Application Qualified Security Assessor

Brookfield, WI – June 1, 2012 – 403 Labs, LLC, a leading information security consulting and services company, has been certified as a Qualified Security Assessor for Point-to-Point Encryption (QSA (P2PE)) and Payment Application Qualified Security Assessor for Point-to-Point Encryption (PA-QSA (P2PE)) by the Payment Card Industry Security Standards Council (PCI SSC).

Jun 1, 2012
#padss #pcidss #submission #about403 #infosec #security #pressrelease #p2pe #encryption #qsa #paqsa