Category · Tutorials

Business Logic Pitfalls in Trading Applications (Blog Series) – 2

posted on Dec 3, 2013 by Subu Ramanathan Comments:0

Hi there folks, here is the second pitfall that we've seen in securities trading applications in capital markets. Quantity is relevant to the business. In the capital markets business, trading securities is a wholesale game. Whether it is trading fixed income securities, equities or forex, the quoted prices are based on a minimum quantity that is enforced…

Porting the Gitorious installer from supporting only RedHat/Centos to support Ubuntu/Debian

posted on Nov 19, 2013 by Guest Blogger Comments:0

As our company grows we have started experiencing some pain points with using bare git repositories for our revision control. Compared to GitHub, the features that are most missed are: graphical branch views; access control and access via the git/https protocols; merge/pull requests; activity tracking. We also wanted full LDAP integration for authentication and authorization,…

5 Common Windows Hardening Misconfigurations

posted on Oct 24, 2013 by Guest Blogger Comments:0

Over numerous Windows configuration review engagements that we have performed for our clients, we observed a common pattern in the configuration weaknesses that is worth highlighting here. The 5 common misconfigurations we observed are as follows: insufficient log sizes; unnecessary services; weak communication settings (LANMAN); weak password protection; weak TCP/IP configuration. In the remaining…

Your Guide to Evaluating Security CBT Programs (Part 1)

posted on May 3, 2013 by Oliver Ng Comments:0

Note: At the end of this series, I'll provide a free tool that you can use to make your own evaluations easier, so keep an eye out for it! With the variety of Computer-Based Security Training programs (CBTs) out there, it can be tough to decide what to consider when choosing the…

Mobile Application For Your Hacking Pleasures

posted on Apr 3, 2013 by sahba Comments:0

A short while back we released ExploitMe Mobile (EMM), our free, open source project demonstrating common mobile security vulnerabilities in the iOS and Android platforms. ExploitMe Mobile is a training platform built around the common mobile security and application security pitfalls. The objectives of the ExploitMe Mobile training platform are: capture the common security…

I know you'd love CPEs and free OWASP training

posted on May 25, 2012 by Oliver Ng Comments:0

Author: Oliver Ng. I'm happy to announce a partnership with ISC2 to bring you our OWASP course complimentary for CISSP members. Access is limited to the next 30 days, so get in on it fast and collect your 2 CPEs for watching these videos. These videos also outline our great new training format for CBTs that…

New Mobile Security Course and ExploitMe Mobile

posted on Oct 15, 2011 by Oliver Ng Comments:0

At Security Compass, we have been working hard to expand our training offerings. We're most excited about our new Mobile Hacking and Security course. If your organization is working with mobile applications, this course is a fantastic primer on how mobile apps can be hacked, and how your teams can defend against these software defects. We'll…

Viruses and Malware

posted on Aug 3, 2011 by Oliver Ng Comments:0

Our video series continues with the second video in our Safe Online Banking series, about viruses and malware. You know those annoying viruses that just won't leave your computer alone? Criminals have realized there is money to be made by placing viruses and malware on your computer. The bad guys make money by tracking you while…

Weaponizing the Android Emulator (plus a new tool)

posted on Jul 22, 2011 by seccom Comments:4

Today, we’re going to look at a scenario where the Android Emulator can be repurposed as an exploitation tool. Specifically, we will look at attacks that involve cloning an application and user data from a stolen Android phone onto a computer running the Android emulator. An attacker that does this will be able to use…