12:08 PM
Dark Reading
Products and Releases

Foregenix Leads The Way In Point-To-Point Encryption

Payment security specialist receives full accreditation from PCI SSC

London, 1st June 2012 - Payment security specialist Foregenix has become one of the first Qualified Security Assessors (QSA) globally to be accredited by the Payment Card Industry Security Standards Council (PCI SSC) as having the necessary skills and experience to guide and assess payment applications against its Point-to-Point-Encryption (P2PE) standards.

The P2PE standard defines the requirements for Point-to-Point Encryption solutions, with the goal of significantly reducing the scope of PCI DSS assessments for merchants that use them. P2PE solutions focus on ensuring cardholder data is secured from the point of transaction all the way to the processor. Merchants who accept credit card transactions via P2PE approved solutions can significantly reduce the costs and risks associated with cardholder data and PCI DSS compliance.

“A commitment to continual development is core to our business philosophy. Our specialist team constantly strives to innovate and develop the skills to support our clients better now and in the future,” says Benj Hosack, director at Foregenix. “With this new accreditation, Foregenix is well positioned to help companies that are looking to validate their payment applications against the P2PE standard in the very near-term, as well as being able to assist merchants looking to reduce their risk and PCI DSS overhead.”

About Foregenix

Foregenix is an independent, specialised information security business, headquartered in the United Kingdom, with a global service delivery capability. The Foregenix team has been closely involved with the Payment Card Industry since the inception of the security standards in 2004, and has carried out PCI DSS assessments, PA-DSS assessments, penetration tests and forensic investigations on hundreds of organisations during this time. Its technical team has extensive experience in digital security, having worked as security consultants, analysts and engineers in a wide array of environments, including global financial institutions, global networking and security providers.

For more information, please visit
