Blog

How Card Payments work and PCI DSS

The following blog from our Principal Security Consultant, first published back in 2011, provides a great high-level primer for those who are not familiar with the underlying processes and terminology around PCI DSS. This may be particularly useful for small businesses who are just starting out with […]

Multiple vulnerabilities in Thecus NAS

During an internal infrastructure test last year, we identified a Network Attached Storage (NAS) device that piqued our interest, primarily due to the administration web page being served over HTTP and not HTTPS. Generally not a good sign from a security point of view! A few moments later and with access to the device […]

CVE-2013-6880 Proof of Concept

Marc Wickenden recently discovered a security issue within FlashCanvas 1.5 that could lead to a number of issues, such as cross-site scripting. The issue has been assigned CVE-2013-6880 and the vendor has now released a fix for the issue, which can be found here. In this blog post we take a closer look […]

Advanced Persistent Threat – Redux

Given that media coverage keeps going in terms of discussing ‘Advanced Persistent Threat’ and the need to keep a balanced view, I thought that I would revisit this topic. We first blogged and presented on this issue back in 2011 and those discussion points appear to still be valid now. To be fair, I still […]

What the WAF?

I’ve been noticing a trend from security vendors who promise security-in-a-box solutions and Web Application Firewalls (WAFs) are being promoted as one such solution. Unfortunately, organisations are aligning to this suggestive, albeit dangerous tune. As a result, organisations choose to filter out traffic that would exploit their known vulnerabilities on their WAFs instead of applying […]

My trip to BSides Lisbon 2013

On the 4th October, I flocked to BSides Lisbon 2013 to talk about Cell Injection. It was the first meeting of this kind in Portugal (for infosec people by infosec people, open to the general public, free admission, international speakers and attendees). There were about 180 people there in both rooms. Other than my talk, […]

Cloud Security

On the 24th September I had the opportunity to talk at the Cloud Security Alliance Symposium, a free event in support of the Cloud Security Alliance EMEA Congress 2013 hosted in Edinburgh on Cloud Security. My talk focused on real life examples of cloud security issues and internal research that we at 7 Elements had […]

Has Dropbox Been Opening Your Private Documents?

While testing a new service called HoneyDocs, a service that allows the creation of documents that send a call back with a unique tracking code notifying you that the document was viewed/opened, Daniel McCauley discovered his documents were being opened by Dropbox-owned Amazon EC2 instances. (Yes, HoneyDocs will also know when someone is accessing your […]

Apache Struts 2 Exploit – have you patched?

In early July and then in mid July, Apache Struts 2 released information on two new vulnerabilities. These recent vulnerabilities for Struts 2 appear to have gone under the radar in terms of patching urgency and active exploitation is now happening in the wild. The vulnerabilities appear […]

Root Cause Analysis

Security Testing Root Cause Analysis: A New Way of Reporting. At 7 Elements we have introduced an additional way of reporting on the findings from our security tests, Root Cause Analysis. Whilst root cause analysis is not a new concept, it has not to date been readily applied to security testing output. We feel it […]
