Author: mathildeexlm

by mathildeexlm mathildeexlm No Comments

Password hashing: Be careful about what you hash!

Context of the hashing issue

During a web assessment, Excellium’s Intrusion & AppSec team audited a PHP application where users passwords were stored using the bcrypt hashing algorithm. As bcrypt 1https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.htmlis still a valid and recommended algorithm to hash passwordscompromising passwords 2https://github.com/danielmiessler/SecLists/tree/master/Passwords/Common-Credentials  should not be an easy task. However, sometimesthe devil is in the details. 

 

Read more

by mathildeexlm mathildeexlm No Comments

Excellium services newsletter : CSSF 20/750 : A new circular for your information security risks’management

On August 25, 2020, the Commission de Surveillance du Secteur Financier (CSSF) introduced and published a new circular (CSSF 20/750). This circular is applicable to all credit institutions, all Professionals of the Financial Sector (PFS), all payment institutions, and all electronic money institutions. The main objective is to implement the guidelines of the European Banking Authority EBA/GL/2019/04 relating to the management of risks linked to information and communication technologies (“ICT”) and security.

Read more

by mathildeexlm mathildeexlm No Comments

2020: Through back to the epic year of the webinar

2020 has been challenging for lots of companies trying to keep afloat despite all the sanitary restrictions. Being present and maintaining customers relationships was not an easy game yet we did it. Through webinars, virtual events, magazine interviews, and so much more at Excellium we made sure to be present and to maintain our yearly activities no matter how much we had to adapt.

Read more

by mathildeexlm mathildeexlm No Comments

Cybersécurité et COVID – Un monde d’après…

La campagnie Excellium Services emploie actuellement plus de 130 personnes sur les différents marchés où elle opère. Et malgrè un recrutement soutenu cette année 2020, la recherche de talents reste une des priorités pour 2021. Si 2020 aura été une année particulière à bien des égards, les soucis de trouver des talents dans des domaines technologiques comme la cybersécurité restent d’actualité.

Read more

Top