Quantcast
Channel: Requirement 6 – Develop and maintain secure systems and applications – PCI Guru
Browsing all 38 articles
Browse latest View live

Image may be NSFW.
Clik here to view.

PCI And Virtualization

I just received an invitation for a Webinar on Virtualization and PCI compliance.  My friend, John Kindervag is one of the panelists and, no, this is not an unpaid advertisement for anyone to attend...

View Article



Image may be NSFW.
Clik here to view.

Doctored Credit Card Terminals

It was announced this week that the Michaels retail stores breach was much larger than originally thought.  However, to those of us in the PCI business, this breach should not have been a surprise....

View Article

Image may be NSFW.
Clik here to view.

PCI SSC Releases Virtualization Guidelines

On Tuesday, June 14, 2011, the PCI SSC released an Information Supplement regarding Virtualization Guidelines.  Not only does this Information Supplement cover virtualization from a VMware and Hyper-V...

View Article

Image may be NSFW.
Clik here to view.

2011 Verizon Breach Report

At this year’s Community Meeting, Christopher Novak of Verizon Business Services made a presentation regarding the 2011 Data Breach Investigations Report.  A lot of people blow off these sorts of...

View Article

Image may be NSFW.
Clik here to view.

Defense In Depth

I have a slide in my security presentation deck that discusses the concept of defense in depth and how when you start opening ports or start using encrypted data streams how you are punching holes into...

View Article


Image may be NSFW.
Clik here to view.

Of Redirects And Reposts

There are two major techniques in e-Commerce these days for processing payments: redirects and reposts.  Redirects are when the e-Commerce site sends their customer to the payment processor’s site for...

View Article

Image may be NSFW.
Clik here to view.

Merchant Beware – New Mobile Payment Solution Out In The Wild

Merchants need to be aware of a new mobile payment solution – Square from Square Inc.  A colleague pointed me to the Square site with the question, “Is this PCI compliant?” Square appears to be a...

View Article

Image may be NSFW.
Clik here to view.

PA-DSS Validation Clarification

On July 23, 2012 we received the following communication from James Barrow, Director of AQM Programs, with the PCI Security Standards Council.  I found it worthy of posting so that everyone understands...

View Article


Image may be NSFW.
Clik here to view.

Third Party Service Providers And PCI Compliance

There seems to be a lot of confusion regarding third parties that provide networking or hosting services and their obligations regarding PCI compliance.  This confusion is not uncommon as merchants and...

View Article


Image may be NSFW.
Clik here to view.

The Amazon Cloud And PCI Compliance

If there ever was a hot topic these days it would be “The Cloud” and, in particular, the Amazon cloud.  And that discussion inevitably leads to how are the Amazon cloud offerings are PCI compliant?  A...

View Article

Image may be NSFW.
Clik here to view.

What To Focus On In 2013

It is the end of the year and, like all other pundits, here is another idea on what 2013 will bring in the way of security issues.  After reading a lot of the other predictions out there, I tend to...

View Article

Image may be NSFW.
Clik here to view.

Service Provider PCI Compliance Process

As a recent question pointed out to me, while service providers now seem to understand they need to be PCI compliant, they do not seem to understand the process under which they assess their PCI...

View Article

Image may be NSFW.
Clik here to view.

2013 Threats To Databases

Akamai just released their third quarter 2012 Internet statistics and are pointing to China as the generator of at least a third of all attacks.  Not only that, the Chinese attackers are going almost...

View Article


Image may be NSFW.
Clik here to view.

Why vSkimmer Should Not Matter

It was announced this week by McAfee that a new threat to merchants has been discovered called vSkimmer.  This is a very insidious threat as most merchants will likely not know they have been infected...

View Article

Image may be NSFW.
Clik here to view.

Vulnerability Management

On July 1, 2012, requirement 6.2.a went from a “best practice” to an official requirement.  Since v2.0 of the PCI DSS was issued, there has been a very active discussion regarding what the PCI SSC was...

View Article


Image may be NSFW.
Clik here to view.

Is It The Standard Or Process?

I question whether or not there really is a need to change the PCI DSS this Fall.  You look at the requirements and if they were truly followed as designed; the vast majority of breaches would either...

View Article

Image may be NSFW.
Clik here to view.

Doctored Credit Card Terminals

It was announced this week that the Michaels retail stores breach was much larger than originally thought.  However, to those of us in the PCI business, this breach should not have been a surprise....

View Article


Image may be NSFW.
Clik here to view.

PCI SSC Releases Virtualization Guidelines

On Tuesday, June 14, 2011, the PCI SSC released an Information Supplement regarding Virtualization Guidelines.  Not only does this Information Supplement cover virtualization from a VMware and Hyper-V...

View Article

Image may be NSFW.
Clik here to view.

Defense In Depth

I have a slide in my security presentation deck that discusses the concept of defense in depth and how when you start opening ports or start using encrypted data streams how you are punching holes into...

View Article

Image may be NSFW.
Clik here to view.

Of Redirects And Reposts

There are two major techniques in e-Commerce these days for processing payments: redirects and reposts.  Redirects are when the e-Commerce site sends their customer to the payment processor’s site for...

View Article
Browsing all 38 articles
Browse latest View live




Latest Images