Blog

It’s Time to Use the Latest SOC 2 Trust Services Criteria, Are You Ready?

Written By: Matthew Cooper

December 14, 2018

Starting this weekend, all SOC 2 reports with review periods ending after December 15th, 2018 must be conducted using the American Institute of Certified Public Accountants’ (AICPA) April 2017 release of the Trust Services Criteria. This blog post describes the major changes to the criteria and provides some advice for using them to prepare for your next SOC 2 audit.

Filed In: Network Security, Security Testing

Web Application Enumeration at Scale

Written By: Stephen Haywood

December 07, 2018

When we conduct network penetration tests, we often find that the majority of accessible services are web applications. Often, these web applications have administrative interfaces with weak or default passwords, or have vulnerabilities that allow us to access sensitive data or even execute arbitrary code.

Filed In: Security Testing, Application Security

Securing Third Party JavaScript

Written By: Jeremy Mount

August 20, 2018

Many, if not most, web applications use some kind of third-party JavaScript. These scripts provide useful functionality and services such as analytics, social media integration, data services, user interface features, chat capabilities and so on; however, they also present a substantial risk to the confidentiality and integrity of your application and the data it contains. This is not a new topic in application security, but many companies still fail to consider or fully understand the security implications of adding code from third parties to their applications.
