Part of the Approved Scanning Solution for PCI DSS
What are the basic requirements for PCI scanning? Follow the link to read a white paper on PCI DSS and Penetration Testing requirements...
Learning more about PCI
If you want to find out more about PCI compliance and how it might affect your business, we have listed some good resources below. Note that we are not endorsing any of the organisations listed.
New PCI DSS standard version 1.2
The latest version of the PCI security standards, version 1.2, will be released in October 2008. A summary of changes is available on the PCI standards website, under the supporting documents section.
WAFs or Code Review
Do you deploy a Web Application Firewall, or do a Code Review? It's possible that in the future you'll be required to do both. For some companies WAFs are not the answer, because of the additional latency on web response times.
Although companies have come a long way in improving their security posture in the last couple of years, largely due to the PCI requirements, there is still an attitude amongst some retailers that compliance is a necessary evil, and PCI projects are seen as the exclusive end goal. However, some recent large security breaches, where the company in question had just passed its PCI compliance, illustrate that being compliant is not necessarily the same thing as having best-practice security in place. PCI compliance and strong security can be achieved together on a project. We recommend always looking to achieve both in your compliance projects. It does not necessarily cost any more money to implement, but it might save you from being another poor security headline. How much will that cost?