Full Disclosure mailing list archives
Re: VISA PCI DSS standard : Good or bad?
From: " " <ngiles () hushmail com>
Date: Wed, 10 May 2006 11:42:49 -0500
Sit through the class and get a good understanding. Then crawl under your desk and hope you don't have to do one. "Use your best judgement" VISA golden rule right there..

On Wed, 10 May 2006 04:44:17 -0500 "newslist@security-briefings.com" <newslist () security-briefings com> wrote:
Hello all

Have you already faced the VISA PCI DSS standard? In case your IT systems store, manipulate, or send credit card numbers, as a security professional, you need to follow what VISA calls the PCI DSS standard and make your system compliant with it.

The goal of this standard is to ensure that the credit cards of our customers are safe from evil hackers or employees... Great idea!

But for us, this standard has some weaknesses:

- Commercial electronic payment organizations designed an insecure system and now they want us to pay to secure their business!
- Too much focus on system and network security
- Only a quarterly scan with any VISA compliant scanner such as Qualys
- No pentest at the application level is required, and when you think that as pentesters we almost always succeed in compromising sensitive information such as credit cards through a security bug at the application level, we do notice that it is the most important weakness.

Never mind... VISA PCI DSS is here... and we must apply it.

There are some slides from Security Professionals Conference 2006 about this topic that are worth reading: "Two Approaches to PCI DSS Compliance". Go to http://www.security-briefings.com for details.

Regards
Newslist [at] security-briefings.com

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/