Steve has a BS in Computer Science from MNSU, Moorhead and over 25 years of computer security experience including consulting, application development, database administration, and system administration. He also has experience in designing and managing secure systems and applications. He has performed security assessment projects for healthcare, nuclear, manufacturing, pharmaceutical, banking and educational organizations. He is an active participant in the information security community.
Before NetSPI, Steve worked for the world’s largest privately held company to develop applications, both web and thick client, for the research department and to secure the web applications for multiple business units. Steve also spent almost 10 years as a consultant for a large computer company to develop applications for numerous Fortune 500 companies. Compliance
A question came up about a PCI audit that was performed for one of our customers. They just finished their PCI audit and passed. I am now working with them on a new software application and there is a vulnerability …
READ POST
NetsPWN: Assessment Services
Many times during our mobile application penetration testing, we are finding the applications are vulnerable to man-in-the-middle attacks (MITM). Certificate pinning is one part of the answer to MITM attacks in a mobile application. For those who do not know …
READ POST
Sage Advice
We have worked with many companies that are following the letter of the law. The law being the PCI Council’s requirement (6.3.2) that all code must be reviewed prior to release. It states: 6.3.2 Review of custom code …
READ POST
Sage Advice
I was reading a few articles about how mobile devices, because of their popularity, are now the focus of malicious hackers. I thought this was interesting because many companies are developing applications for the mobile platforms and based on the …
READ POST
Sage Advice
I just read an article about how Oracle Database suffers from “stealth password cracking vulnerability“. This means someone trying to exploit this vulnerability can brute force your passwords and you would never know about it. Oracle fixed this vulnerability in …
READ POST
Compliance
The PCI-Council is working with SANS for a set of courses that PA-DSS vendors can use. These courses include fundamental courses for developers and security staff as well as development language specific courses. There are also courses for senior level developers, tester and managers.
READ POST
Compliance
For the most part, the requirements have not changed but there are a couple of items that may require some changes in the application, the documentation, or even the processes around the application.
READ POST
Compliance
One typical question NetSPI receives from IT managers is "What does PA-DSS entail?" Hopefully, this will give you some answers.
READ POST
Compliance
We were asked by a customer about performing code review based on the PCI requirements. The questions they asked were...
READ POST
Solutions
Services
About NetSPI
Contact Us
Copyright ©2012 NetSPI Inc. All rights reserved