Tag Archives: security

A story about an XSS vulnerability

I got a mail forwarded from my current manager. A security scan in relation to our PCI certification had flagged a functionality as insecure, on a medium level. The scanning tool was able to post URI-encoded strings, which could be evaluated as working JavaScript. This would enable a malicious user to manipulate with the [...]

A Story About a Security Incident

One Thursday afternoon all hell broke loose. We experienced a security incident on our online platform. I started receiving phone calls with no significant information. I took it quite easy; having worked for this client for a long time, my experience has taught me not to get dragged into the well of mass panic. The [...]