… nothing for a few weeks and then three come at once. Last Friday afternoon at the office turned into a somewhat sedate – and welcome – end to the working week. Until I took three sales calls one after the other. Nothing notable about that. What was significant was that all asked about how…
Posts Categorized: PCI DSS Penetration Testing
How much penetration testing and vulnerability scanning does PCI DSS v3 require?
“Essentially, all merchant eCommerce sites that previously escaped mandatory security assessment can no longer be overlooked.” We now anticipate that many small merchants will find their web sites in scope for PCI compliance under PCI DSS v3. We wrote earlier this year concerning the potential for scope changes brought about by PCI DSS v3. Now that the official v3 SAQ documents…
It is possible that web applications previously considered out-of-scope for PCI DSS could now be in-scope under PCI DSS v3. The impact of this could be significant depending on your existing card data environment (CDE). It has long been accepted practice that any component that stores, processes or transmits cardholder data is in scope for…
A couple of new information supplements have been released by the PCI SSC, covering E-commerce and ATM PIN security. “PCI DSS E-commerce Guidelines” contains a nice summary of common E-commerce models, vulnerabilities and some recommendations too. From the intro: “This Information Supplement is intended for merchants who use or are considering the use of e-commerce technologies in…
Here’s our short video (less than 10 minutes), ideal for project managers who need to know more about how penetration testing can be used to effectively gauge the security of outsourced cloud environments. Find out more about our penetration testing services. Related reading: Tips for better mobile app penetration testing.
PCI DSS is a standard that pays a lot of attention to practical activities, and its security testing requirements cover a range of activities. We frequently see confusion about what needs to be tested, how and when. At the end of this post is a link to our short guide to all PCI DSS testing requirements. Some key…