Cell phones have become ubiquitous in recent times. Everyone has one. Using the cell phone as an authentication method is not only a convenient way of raising assurance levels for logins, but it can also be a significant cost saving when compared to traditional methods.
The tool WhatWeb needs to be added to any pen tester's arsenal. WhatWeb is not a web vulnerability scanner such as Nikto, Acunetix, or Skipfish; rather, it identifies the platform the CMS is running on, a feature not so widely supported. WhatWeb has over 160 plug-ins used to identify many platforms. It uses two types of plug-ins, passive and aggressive. The passive plug-ins try to identify the web application using simple GET requests, while the aggressive plug-ins use techniques such as URL guessing.
Suricata is a multi-threaded intrusion detection/prevention engine. The project states that it is not intended merely to replace or emulate the existing tools in the industry, but to bring new ideas and technologies to the field. The Suricata Engine is funded by the Department of Homeland Security's Directorate for Science and Technology HOST program (Homeland Open Security Technology) and by the Navy's Space and Naval Warfare Systems Command (SPAWAR).
Whois.py is a script that makes it fast and easy to store ARIN information about specific IPs. The script was written with no library dependencies or setup steps, and it runs on multiple platforms.
The OpenSSH package comes installed on most Linux distributions; however, the default configuration carries some potential security risks, as it favors functionality over security. Here are three things you can do to greatly reduce your attack footprint.
Considering how security has evolved, it is surprising that many companies still depend on old technologies and protocols. FTP is one such protocol. Many still consider FTP secure. While it can keep users out of areas they don't belong in, and logging activity improves detection of malicious commands, the protocol itself remains fairly insecure.
Part 2 – Logging
Complying with PCI DSS logging and audit trail requirements can be very challenging for many organizations. We will be stepping through a selection of logging and audit trail requirements that are among the more challenging requirements to meet, and outline possible approaches and solutions for each.
Part 1 – Encryption
Properly meeting the encryption-related requirements of the PCI DSS can be one of the most challenging areas for many organizations. We will be reviewing specific challenging encryption requirements and breaking them down to help clarify what is really intended by each requirement and what some possible approaches to meeting them are.