Issue #38 June 2009
Understanding Encryption Requirements of PCIDSS
by Hrishikesh Sivanandhan
At information security conferences, there are heated discussions on the difficulties faced by the merchants/service providers in complying with the encryption requirement of PCIDSS. Inability to comply with the requirements often lead the vendor to seek refuge under the section called “Compensatory Control”. As compensatory controls are subject to the interpretation of the assessors and the vendor, adversaries are making the most of this situation by exploiting the loopholes left behind while implementing these workarounds.… more →
Catching Back Doors through Code Reviews
by Nilesh Kapoor
Off late, code reviews have been gaining a lot of popularity. Organizations which till recently were content with a secure network and an occasional Penetration Test are now getting their application’s code reviewed before going live.… more →
Securing PHP using Hardening Patch and Suhosin
by Avinaash Acharya
The National Vulnerability Database shows that 953 vulnerabilities were discovered in PHP during the first quarter of 2009. Most of the PHP vulnerabilities can be exploited remotely. Threats to database and web servers linked to PHP applications are high since PHP programs are executed dynamically on the server side. So when it comes to PHP Security, ignorance is definitely not blissful. There are several methods to secure PHP. We discuss the use of hardening patches and its extensions in this article.… more →