We are more than happy to announce that our colleague, Alexandru Armean, received the CISM (Certified Information Security Manager) certification.
Blog
How GDPR impacts your business
With a few months to go until the new data protection legislation comes into effect, we take a look at what impact this may have on software development and testing companies.
The General Data Protection Regulation (GDPR) will come into effect on May 25th 2018, and many companies are either A) not aware of this change, or B) do not understand the impact it has on their business. Because the penalties for those who do not comply with the regulation are huge (up to 4% of annual turnover or €20 million, whichever is greater), it is important that all businesses take action now to ensure compliance.
Opportunity through Cyber Security
Changes in EU legislation that address software security gave us a great opportunity to discuss the future of cyber security.
Our senior pentester, Andrei, gave a presentation about the opportunities that arise from legislation such as GDPR and how software development companies can benefit from it by increasing the security of their products and assuring clients that they are safe.
PIN Code Authentication Bypass
We managed to bypass the authentication login page in less than 5 minutes, even though, in theory, this level of architecture within the application had a great start (using SMS as a factor of authentication).
Penetration Testing and Vulnerability Assessment
Usually, penetration testing is required for big applications, where security has already been taken into consideration from the beginning of the development process and the customer is hiring external testers, who might have a different view and therefore might get more creative. The purpose is to simulate a real attack and track the behavior of the system and how well the team maintaining it is able to respond.
Mobile security workshop by Daniel
This year our senior Security Engineer, Daniel, held a mobile security workshop showing how weak mobile applications are when they do not take into consideration the most basic security principles.
The workshop was held in the office of Evozon Systems, a software development company from Cluj-Napoca that invests a lot of effort in the security of its products and which, together with the members of OWASP Cluj-Napoca, decided to offer this one-day training to anyone interested in cyber security.