November 2024

Web Shell Upload Via Extension Blacklist Bypass - Part 1

Nov 29, 2024 By VISTA InfoSec In VISTA InfoSec

We delve into an in-depth exploration of a common web security vulnerability related to file uploads and it demonstrates how attackers can exploit weaknesses in file extension blacklists to upload malicious web shells. We also cover the mechanics of bypassing these security measures, including specific techniques and tools used to see practical examples of how to conduct such an attack in a controlled environment, emphasizing the importance of understanding these vulnerabilities for defensive programming.

View Video

VISTA InfoSec

Read more about Web Shell Upload Via Extension Blacklist Bypass - Part 1

[PCI DSS Requirement 9] : Summary of Changes from Version 3.2.1 to 4.0 Explained

Nov 21, 2024 By VISTA InfoSec In VISTA InfoSec

Are you curious about the updates in PCI DSS Requirement 9 as we transition from Version 3.2.1 to 4.0? Requirement 9 focuses on physical security, a cornerstone of safeguarding cardholder data. With PCI DSS 4.0, new best practices, enhanced clarity, and updated guidelines have been introduced to address emerging threats and challenges. Whether you're an IT professional, QSA, or just starting your PCI DSS compliance journey, this video is packed with insights to help you stay ahead.

View Video

VISTA InfoSec

Read more about [PCI DSS Requirement 9] : Summary of Changes from Version 3.2.1 to 4.0 Explained

OWASP TOP 10 - API Security Testing

Nov 14, 2024 By VISTA InfoSec In VISTA InfoSec

***********************************************************************************

View Video

VISTA InfoSec

Read more about OWASP TOP 10 - API Security Testing

PCI DSS Compliance for SaaS Businesses

Nov 12, 2024 By Ronak Patel In VISTA InfoSec

PCI DSS is a set of requirements that is applied to every small and large organization that accepts, stores, processes, or transmits cardholder data. In particular, PCI DSS for SaaS companies is essential, as these platforms frequently handle sensitive customer information and must adhere to the latest security standards. In 2024, the updated version of PCI DSS 3.2.1, PCI DSS v4.0, became mandatory after being officially released on March 31, 2022, allowing organizations a transition period.

Read Post

VISTA InfoSec

Read more about PCI DSS Compliance for SaaS Businesses

Secure Finances With SOX Compliance

Nov 7, 2024 By VISTA InfoSec In VISTA InfoSec

View Video

VISTA InfoSec

Read more about Secure Finances With SOX Compliance

DORA Compliance Checklist: Essential Steps for Successful Implementation

Nov 5, 2024 By Ronak Patel In VISTA InfoSec

DORA is an EU-based regulation that is going to be effective from January 17, 2025. It is a digital security framework that works alongside the General Data Protection Regulation (GDPR) to provide strong security protection to financial entities and ICT service providers from cybercrimes. Generally, every financial entity and ICT service provider inside or outside the EU that does business with the EU entities has to comply with DORA.

Read Post

VISTA InfoSec

Read more about DORA Compliance Checklist: Essential Steps for Successful Implementation

Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

November 2024

Web Shell Upload Via Extension Blacklist Bypass - Part 1

[PCI DSS Requirement 9] : Summary of Changes from Version 3.2.1 to 4.0 Explained

OWASP TOP 10 - API Security Testing

PCI DSS Compliance for SaaS Businesses

Secure Finances With SOX Compliance

DORA Compliance Checklist: Essential Steps for Successful Implementation

Monthly Archive

Follow Us