Whitepapers & Case Studies

21 April 2010
Roberto Suggi Liverani
Cross Context Scripting (XCS) is a term coined for a browser-based content injection in the Firefox chrome zone...
21 April 2010
Nick Freeman
This paper should be considered an addendum to the white paper "Cross Context Scripting with Firefox". This paper exclusively focuses on exploits which can be used to leverage Chrome Cross Context Scripting (XCS) vulnerabilities in Firefox...
25 September 2009
Security-Assessment.com
Direct Payment Solutions (DPS) is a leader in Internet payment solutions for the Australian and New Zealand markets. With thousands of New Zealand companies counting on DPS to process their electronic payments on a daily basis, it is imperative that DPS becomes PCI DSS-compliant. DPS enlists the expertise of Security-Assessment.com as the go-to partner for the complex compliance project.
18 October 2010
Roberto Suggi Liverani
Security-Assessment.com discovered that it is possible to leverage Cross Site Request Forgery (XSRF) attacks with the potential of leaking cookie, basic and digest authentication tokens using a Java applet and the Apache Web Server “Compatibility with Older Browsers” feature.
01 January 2007
Security-Assessment.com
The Payment Card Industry Data Security Standard (PCI DSS) was established to set down minimal requirements to ensure the protection of cardholder data. This paper outlines the purpose of the PCI DSS, the effects of non-compliance on an organisation, and what merchants and service providers are required to implement and maintain in order to achieve PCI compliance.