5 Common Reasons for Failing a PCI-DSS Penetration Test

When getting PCI compliant, organisations are required to have a penetration test performed annually or after any significant changes to systems. Having extensive experience in performing these tests, Samurai has, over the years, seen many reasons why organisations fail, which has led us to create this blog post. We hope that by reading this, common […]

GDPR – One year later

It has been well over one year now since GDPR came into effect, and there is still a clear amount of confusion around compliance, so much so that fines are being given out frequently for not adhering to the new legislation, even where it concerns large and well-known organisations. A few examples of fines […]

Working with HTTP Headers

HTTP headers are a core part of how web requests are made, passing additional information along with the request or response. Some HTTP headers, such as Request Method:, Status: and User-Agent:, are quite well known, although there are many more which are commonly used. In this blog we will focus on the HTTP headers which […]

Cyber Sales by FEAR!

Hi all, One of our clients recently approached us having received an email from a “Cyber Security” company. The email informed them that they had been monitoring the dark web and had found 77 incidents of compromised material relating to their company and requesting they get in touch to find out what is. Our client […]

Hack the Track

Recently I was invited to deliver a talk at the Young Rail Professionals Forum at SNC Lavalin in Derby. I took this as a great opportunity to research the industry and fathom where the weaknesses exist, and what the worst-case rail scenarios for a cyber breach could be. Most of my career has been spent […]

Office 365 Security Guidance

Microsoft Office 365 has seen explosive growth in recent times, being adopted by organisations of all sizes and business sectors. This rapid growth, when teamed with the importance of the data stored and level of access within an organisation, has made Office 365 an alluring target for hackers. Once access is […]

A Tale from the enCrypt – this vendor believes up-selling using encryption is fine

Hello all, I’m in the dentist waiting room writing this (long story) and since I have a little time to kill, I’ll take the opportunity to regale a concerning information security anecdote. This tale involves a SaaS provider taking a frankly shocking view as to what is acceptable in terms of information security practice. As […]