December 14, 2018
Starting this weekend, all SOC 2 reports with review periods ending after December 15th, 2018 must be conducted using the American Institute of Certified Public Accountants’ (AICPA) April 2017 release of the Trust Services Criteria. This blog post describes the major changes to the criteria and provides some advice for using it to prepare for your next SOC 2 audit.
December 07, 2018
When we conduct network penetration tests, we often find that the majority of accessible services are web applications. Often times, these web applications have administrative interfaces with weak/default passwords or have vulnerabilities that allow us to access sensitive data or even allow arbitrary execution of code.
November 09, 2018
Every company should have documented Information Technology policies and procedures to prepare them for regulatory requirements. However most organizations, particularly startup companies, do not have the time or expertise in drafting these very important documents.