- Register, accept the Disclaimer and choose subscription option.
By choosing the Free Account option you will only be able to download the teaser of each issue.
- Verify your account using the verification link sent to your email address.
- Check the password sent on your email address and use it to log in.
- Click the download button to get the issue.
Introduction to PCI DSS for the PenTester
by Chris Mark
The Payment Card Industry Data Security Standard, better known as the PCI DSS, is the payment card security standard first published in 2006 by the major card brands including Visa, MasterCard, JCB, Discover & American Express. Certainly, the PCI DSS has not been without controversy as data breaches continue to take their toll on the payment card industry. Irrespective of the criticism on the standard, it is here to stay and has been endorsed as a worldwide standard by the card brands and banks.
by Matt Ball
I love my credit card. Over the last month I’ve paid for fuel, food, concert tickets, dinner, car insurance, a few CDs and some MP3s. I’ve bought things online, face to face, via automated terminals and even via the phone. It’s easy. Select the item, present the card, authorise it and hey presto (when I’ve not hit the limit), the goods and services are paid for.
Payment Card Industry Data Security Standards
by Kelly O’Brien
Does your business store, process or transmit cardholder data? If so, have you complied with the Payment Card Industry Data Security Standards (PCI DSS)?.
PCI DSS in the Cloud: Defeat the additional Risk
by Swati Sharma
Technologies change and evolve at a fast pace. Compliance standards have to address the current and upcoming risks associated with these technologies. In spite of prejudice about cloud computing, Merchants and Service providers in the Payment card industry are adopting cloud technologies and there is still a dilemma over whether they can be compliant with PCI DSS if hosted
in the cloud.
Top Security Threats Contributing to Payment Card Data Being Compromised
by Ashish Thapar
Payment card data breaches are an economic externality , and PCI DSS’s mission is to ensure that companies take better care of consumer payment card data. Just as an oil spill affects millions of people, so does a ‘data spill.’
Penetration Testing and PCI
by Augusto Paes de Barros
One of biggest current drivers for security programs and initiatives around the world is known by just three letters, “PCI”. PCI, which stands for “Payment Card Industry”, is in truth a security standard defined by a joint venture of the five major payment card brands, Visa, Mastercard, American Express, Discover and JCB.
How to execute or contract a Pentest to be Compliant with PCI DSS
by Adriano Bertoni
How serious is the need to perform or hire a good and recognized third-party company with expertise in executing external and internal pentest, after all it’s not the PCI falt if you didn’t test your environment and applications as you usually claim to do. Whithout testing you can’t know what possibly can go wrong with environment and the leak of card data will not be prevented as you wanted it.
Penetration testing in the PCI DSS world
by Marco Borza and Cristiano Iarusci
Around 1000bc mankind realised that bartering had several problems most noticeably what is referred as “double coincidence of wants” caused by the improbability of the wants, needs or events that cause or motivate a transaction occurring at the same time and the same place.
Penetration Testting for PCI DSS: Best practices and common mistakes
by Christian J. Moldes
As a QSA (Qualified Security Assessor) for the Payment Card Industry (PCI), I review a number of penetration test reports from different organizations every year. It is no surprise that among them, the commonality is the lack of consistency in how testing is performed and how the results are reported. The industry does not offer specific guidance regarding how penetration tests should be performed in order to achieve PCI DSS compliance. Whether you are an internal resource or a third party performing penetration tests for PCI DSS compliance, a QSA’s perspective might be helpful in providing guidance about this topic.
Interview with Christian Mairoll
by Aby Rao
Christian Mairoll is a founder and head of Emsisoft , who has been actively pursuing the vision of a virtual company since 2003. All 22 employees are distributed worldwide but work together as if they are in the same office. He was awarded in the Austrian “Constantinus” IT prize in 2005 for this innovative business management concept.