June Breakfast Brief – ‘SDL – what?’

Securus Global Breakfast Brief Invitation:

‘SDL – What?’


Sessions:
Sydney: Tuesday 19th June,Securus Global – Level 17, 31 Market Street (8:15am to 9:30am), Breakfast Included.
Melbourne: Thursday 21th June, Securus Global – Level 8, 50 Queen Street (8:15am to 9:30am), Breakfast Included.
Please note that places are limited to the first 20 people.

Overview:
Many of the security assessments and penetration tests that Securus Global performs are against applications. The applications can be web-based, mobile applications or indeed compiled, fat-clients. Although the method of presentation for each application may differ, they all share one common trait – security requirements should be included throughout the application development life cycle and often aren’t.

The goal of this presentation is to provide particular insights that Securus Global has into the application of a Security Development Life Cycle, why an SDLC should be in place, what happens when things go wrong, but also some of the benefits of having a robust SDLC in place.

Presenter:
Steve Darrall, Practice Manager, Securus Global

RSVP:
Please confirm your attendance and required session by emailing: jh@securusglobal.com

Tips for maintaining PCI compliance – ZDNET Article

Recently at our April Breakfast Briefs in Sydney and Melbourne, Steven Surdich one of Securus Global’s resident PCI DSS experts and QSA’s provided an address on the importance and trials of maintaining PCI DSS Compliance all year round, rather than just a point of time excercise when an Audit is due.

There are many very pragmatic strategies and processes that can be employed which do not need to be difficult or complex if implemented as part of business as usual process and not special PCI Compliance Activities.

Here is a little of what ZDnet had to say

Too many companies are neglecting to keep up to date with the standards required for accepting electronic payments, even though compliance is easily achieved by following three simple rules, and not a once per year obligation according to Securus Global senior security consultant Steven Surdich

Although many companies appear to be having difficulty in doing so, Surdich said it is simple if they follow the three basic rules: controlling changes to the cardholder environment; maintaining oversight of their activities; and simplifying compliance processes.

To read full article: http://www.zdnet.com.au/tips-for-maintaining-pci-compliance-339336453.htm?noredir=1

For more info on PCI Compliance visit the SG Website:

Small Vulnerabilities, Big Business Risk – ZDNET Article

At our February Breakfast Brief in Sydney and Melbourne, two of our Penetration Testers and Researchers presented to a select crowd on the importance of not overlooking the small vulnerabilities. When undertaking Vulnerability Assessments and Penetration Tests, these small, seemingly inconsequential vulnerabilities are often down graded or accepted and left to be exploited by hackers that are highly adept in finding, collecting and holding onto these vulnerabilities for future reference and to used together to compromise an organisation.

Here is a little of an article on the presentation from ZDNET.

At the Securus Global’s February security briefing, a pair of security researchers, demostrated how businesses accepting small securty risks may be leaving the door open to hackers who have realised that chaining small vulnerabilities together represents an easy way to destroy companies.

The researchers stated that organisations tended to look at vulnerabilities separate from other vulnerabilities, when the real issue was how these could be used in conjunction with each other to become potentially more dangerous. They then went on to demonstrate how a number of organisations they had previously worked with had fallen into the trap of considering threats to their business in isolation.

To read more: http://www.zdnet.com.au/are-small-vulnerabilities-the-real-enemy-339332377.htm

Securus Global’s Consulting Services