From the Blog

Data Protection
Peter

Protect your business

We are living in interesting times as far as information security is concerned. Does it not seem that every few months a large multinational or a well-established British brand or individual appears to have been the victim of hackers?

Penetration Testing
Peter

5 Things You Should Know about PCI DSS Penetration Testing

The Payment Card Industry Data Security Standard, commonly shortened to PCI-DSS, was introduced to provide a minimum degree of security when it comes to handling customer card information. While the standard has been around for over a decade, specific requirements surrounding penetration testing have only recently been officially incorporated into the process.

Fixing SSL Medium Strength Cipher Suites Supported

Nessus Summary

Nessus Plugin ID: 42873
CVSS v3.0 Base Score: 5.3

Nessus Description: The remote host supports the use of SSL ciphers that offer medium strength encryption. Nessus regards medium strength as any encryption that uses key lengths at least 64 bits and less than 112 bits, or else that uses the 3DES encryption suite.

Fixing SSL Null Cipher Suites Supported

Nessus Summary

Nessus Plugin ID: 66848
CVSS v3.0 Base Score: 5.3

Nessus Description: The remote host supports the use of SSL ciphers that offer no encryption at all. Note: This is considerably easier to exploit if the attacker is on the same physical network.

How to Fix

Null cipher suites is where a zero level

Fixing Weak Cipher Suites

Nessus Summary

Nessus ID: 26928
CVSS v3.0 Base Score: 5.3

Nessus Description: The remote host supports the use of SSL ciphers that offer weak encryption. Note: This is considerably easier to exploit if the attacker is on the same physical network.

How to Fix

This vulnerability is caused by a weak strength cipher being present in

Fixing SSL RC4 Cipher Suites Supported (Bar Mitzvah)

Nessus Summary

Nessus ID: 65821
CVSS v3.0 Base Score: 2.6

Nessus Description: The remote host supports the use of RC4 in one or more cipher suites. The RC4 cipher is flawed in its generation of a pseudo-random stream of bytes so that a wide variety of small biases are introduced into the stream, decreasing its

Fixing SSL Certificate Chain Contains RSA Keys Less Than 2048 bits

Nessus Summary

Nessus ID: 69551
CVSS v3.0 Base Score: 1.4

Nessus Description: At least one of the X.509 certificates sent by the remote host has a key that is shorter than 2048 bits. According to industry standards set by the Certification Authority/Browser (CA/B) Forum, certificates issued after January 1, 2014 must be at least 2048

Contact Form 7 Vulnerability

Contact Form 7 Vulnerability was published by our penetration tester, Hannah Sharp, in February of 2014. The Rock Lobster Contact Form 7 WordPress plugin, prior to version 3.7.2, could allow remote attackers to bypass the CAPTCHA protection mechanism and submit arbitrary form data by omitting the _wpcf7_captcha_challenge_captcha-719 parameter. The Contact Form 7 vulnerability was discovered
