Michael Gargiullo

icon indicating a website link https://www.pivotpointsecurity.com

icon company @PivotPointSecurity icon location Developer, Engineer, PenTester & Auditor are some of my many hats. OWASP Member CREST Americas Council Member

Results 8 comments of Michael Gargiullo

Discussion: to keep "Trusted service layer" requirements separately or combine them to one abstract

So "Trusted Service Layer" is the updated term for "server-side". Would we, should we, have a dedicated section listing all things that should be assessed on the server-side? I understand...

Need cleanup of 4.3.1 - suggest simplifying

@jmanico I liked your list of possible solutions with "accept connections from trusted endpoints" as one of the options.

Scope for 5.0 and beyond

@jmanico I completely agree. That's how I explain it to our clients and how we test against it. Even with the current 4.0.x Level 1 assessment, there are items that...

Cannot run the tool

`pip install terminaltables`

2.6.4 looks rather weak

@jmanico I agree with your assessment of 2.6.4. The list of pre-generated codes should have much higher entropy. 2.7.6 is a bit different. 2.7 talks about items like Google Authenticator...

2.5.4 "Verify shared or default accounts are not present" - not reasonable

> "Not present" is the part I object to. "disabled, removed or secured" would be better. It would allow for mitigating measures, while "not present" is a requirement with little...

LOGIN_EXEMPT_URLS not working for application's urls

I'm now seeing this error as well

libusb.h installs to libusb-1.0/libusb.h and can't be found

Short term fix. in capture/ Just before the line `find_package(LIBUSB REQUIRED)` add: `find_path(LIBUSB_INCLUDE_DIR NAMES libusb.h PATH_SUFFIXES "include" "libusb" "libusb-1.0") find_library(LIBUSB_LIBRARY NAMES usb PATH_SUFFIXES "lib" "lib32" "lib64")`