Blog

Whispers of a friendly hacker...

Welcome to ProCheckUp Labs, the blog of ProCheckUp

Pitfalls of Content-Type Filtering for Apache Struts 2 Vulnerability CVE-2017-5638

Apache has made several recommendations for mitigating the issue, among them the option to validate the Content-Type header. However, the recent experience of one of our testers with a particular client, detailed in this article, shows that this recommendation should be implemented with great care and recursive testing.

27 April 2017 by ProCheckUp

Cloudbleed: Time for a change...

Of passwords that is! So, why is that? Simple. It is very likely that some of your data, including personal information and passwords, has been leaked because of a programming blunder in Cloudflare’s source code. Read this for a full brief and tips...

27 February 2017 by ProCheckUp

GDPR Bytes

The industry is buzzing with excitement over the fact that next year GDPR becomes a reality. What are the implications of it for the average business and how will it impact on them? The reality today is that we’ve all read bits and pieces and seen numbers bandied around suggesting that if we get it wrong, we could face large fines and penalties.

To really understand it, we should look at where it’s come from and why it’s being implemented, particularly with Brexit in mind.

27 January 2017 by Paul Bissette

Black Friday and Cyber Monday online security breaches

The Black Friday/Cyber Monday online festivity may save consumers money leading into the Christmas shopping season but it also brings an increase in online phishing attacks.


28 November 2016 by ProCheckUp

Driverless Cars - the ultimate chauffeur or hacker's delight?

Take a minute to imagine that all vehicles on the planet are autonomous. You jump in your car, shout out your desired destination (although I would probably have to type it due to my thick Scottish ac...

23 June 2016 by Anonymous, ProCheckUp

Hackers Trivia Challenge - Answers

Thank you to all those who attempted the Trivia Challenge last week at Bsides - we hope you had as much fun playing it as we did building it! As promised, the answers to the questions (Click on answe...


17 May 2016 by Sandy Ho, ProCheckUp

Creating a Better Local Admin Password

Introduction – We’re not very good at this! Local Admin Passwords are arguably one of the most important pieces of information on a computer system. The only thing as an attacker that you would desir...


08 April 2016 by Thomas Rusbridger, ProCheckUp

Solving an Nmap dilemma during an internal vulnerability assessment

During a recent pen test, I was asked to perform an internal vulnerability scan across a number of IPs on the customer LAN. Sounds simple enough, right? However, in this particular case, the client fi...

29 February 2016 by Will Fieldhouse, ProCheckUp

Make Black Friday and Seasonal online shopping secure!

With Black Friday and Cyber Monday approaching, we thought we would send out a little reminder of things to look out for if shopping online... First, a little history in case you're not familiar with...


23 November 2015 by ProCheckUp Team

Magento, Linux Ransomware and Tor

Just before Halloween, a critical vulnerability was found by Dawid Golunski[1] in Magento software[2]. The following blog post will talk about the vulnerability, how it’s being exploited in the wild...

18 November 2015 by David Shanahan, ProCheckUp