Message-ID: <4461B5F1.5020603@security-briefings.com>
Date: Wed May 10 10:44:22 2006
From: newslist at security-briefings.com (newslist@...urity-briefings.com)
Subject: VISA PCI DSS standard: Good or bad?
Hello all
Have you already faced the VISA PCI DSS standard?
If your IT system stores, manipulates or sends credit card numbers,
as security professionals you need to follow it and make your system
compliant with what VISA calls the PCI DSS standard. The goal of this
standard is to ensure that our customers' credit cards are safe from
evil hackers or employees... Great idea!
But for us, this standard has some weaknesses:
- Commercial electronic payment organizations designed an insecure
system and now they want us to pay to secure their business!
- Too much focus on system and network security
- Only a quarterly scan with any VISA-compliant scanner such as Qualys
- No pentest at the application level is required, and when you consider
that as pentesters we almost always succeed in compromising sensitive
information such as credit cards through a security bug at the
application level, we notice that this is the most important weakness.
Never mind... VISA PCI DSS is here... and we must apply it.
There are some slides from the Security Professionals Conference 2006 on
this topic that are worth reading: "Two Approaches to PCI DSS Compliance".
Go to http://www.security-briefings.com for details.
Regards
Newslist [at] security-briefings.com