
Caught between PCI-DSS compliance mandates and a shrinking budget?


Use our quick contact form above and we'll show you how to become PCI-DSS compliant on a seriously tight budget!



Still looking for more conventional answers? Here are some possible resources for PCI-DSS...


http://www.techworld.com/security/pci.cfm#Insight
and Diagnostics in Distributed Java and .NET Applications Learn more about how you can tune your SOA Java or .NET applications. Avoiding Data Centre Costs through Managed Application Delivery Services This whitepaper looks at how managed application delivery services compare with...

http://www.breach.com/resources/breach-security-labs/alerts/breach-security-labs
many sites as it is able to successfully conduct an SQL injection attack with only one request. With custom-coded web applications attackers normally do not have any information about the structure of the target database so they must conduct reconnaissance probes... the most surprising discovery associated with this attack is that it was entirely preventable. Had the developers of these web applications created them based on secure coding guidelines such as those from the Open Web Application Security Project OWASP their sites...

http://www.tssci-security.com/archives/2009/02/12/post-to-webappsec-mailing-list
or WAF-like technology to good use. However WAF is dead and dying regardless. I think that very large-installation Internet-facing web applications require Anti-DDoS technology in the form of an appliance preferably one that does rate-based behavior detection. I often feel that... want to make money from the data in it. Also pen-testing is dead. We no longer need to prove that applications are insecure. We know they're insecure - no matter how many functionality controls you layer on top of them. Unless... current and future technologies. VMsafe API just another same solution to a newer technology nothing new. ME proving that MY applications are secure It's impossible the wording of it. Unless you have and understand every piece of information that everyone else... few passwords or trying a few SQL statements while at the same time tracking them down striking back at their applications and infrastructure two can play at the SQLi game they probably have their own database of sorts and if

http://www.itcomplianceandcontrols.com
was escorted in and out of the building rather quickly. He highlighted the use of customer feedback systems and integrating applications for clients. The other attendees included Eran Gil of Cloud Sherpas a consulting company Matt Trevathan Solutions Architect Master Inventor IBM...

http://tssci-security.com/
or WAF-like technology to good use. However WAF is dead and dying regardless. I think that very large-installation Internet-facing web applications require Anti-DDoS technology in the form of an appliance preferably one that does rate-based behavior detection. I often feel that... want to make money from the data in it. Also pen-testing is dead. We no longer need to prove that applications are insecure. We know they're insecure - no matter how many functionality controls you layer on top of them. Unless...

http://www.gfi.com/lannetscan/?adv=62&loc=61
the last scan. GFI LANguard will identify and report unauthorized software installations and provide alerts or even automatically uninstall unauthorized applications. Why use GFI LANguard Powerful network security and port scanner with network auditing capabilities Over 15000 vulnerability assessments carried out...

http://www.net-security.org/secworld.php?id=6995
Web applications are the Achilles’ heel for corporate IT security...

http://paloaltonetworks.wordpress.com/2009/02/17/a-waf-does-not-make-you-pci-com
a look at the differences in a bit more detail. Web Application Firewalls WAF are designed to look at web applications monitoring them for security issues that may arise due to coding errors. Every corporation needs a firewall in many cases...

http://pcianswers.com/2008/10/01/pci-dss-version-12-differences-and-updates/
rewrites the requirement to include many of the items outlined in the Information Supplement released previously. It states public-facing web applications address new threats and vulnerabilities on an ongoing basis and ensure these applications are protected against known attacks. The big... attacks. The big change is in the wording of the first option in Requirement 6.6 which states Reviewing public-facing web applications via manual or automated application vulnerability security assessment tools or methods at least annually and after any changes. The mention...

http://www.icmpecho.com/2008/11/04/pci-dss-whats-in-the-cloud/
Found an interesting article by Martin McKeay through Security Bloggers Network which discusses PCI compliance and the implications of hosting applications and data in the cloud. He boils everything down to one simple point: If you store/transmit/handle cardholder data in a...

http://www.theenterprisecloud.com
Enterprise Cloud provides complete physical redundancy to eliminate downtime due to hardware failure. In fact the system can even move applications across physical devices live and with no service interruption. And automated resource balancing provides continuous monitoring and optimization to ensure...

http://www.visa.com/cisp
providers. Defining Your Service Provider Level Validation Requirements Procedures Payment Applications Merchants and their agents must use PA-DSS compliant payment applications. Payment Application Data Security Standard Payment Application Security Mandates PDF 60k PIN Security and Key Management Program PIN accepting entities...

http://rss.tradepub.com/?br=hackerscenter&feed=information_technology_security
questions generally arise: Don't we already have an adequate solution? Are there tools that can really detect fraud? We are watching our applications, isn't that enough? Monitoring external fraud is hard enough, how can we possibly monitor fraud from internal trusted users? The...

http://www.acunetix.com/websitesecurity/pci-dss.htm
that your web site and other web applications are secure. You are required to scan your shopping cart and other web applications for vulnerabilities. Acunetix Web Vulnerability Scanner version 6 helps you meet the following PCI requirements. Acunetix will check your web site and...

http://holisticinfosec.blogspot.com/
to make my point and stay out of jail - We are faced with uncertain times. Better security for web applications and systems serving as financial industry resources can help mitigate some of that uncertainty.

http://www.mccune.org.uk/blog/
output encoding to restrict XSS but the admin sections don't consistently provide the same protection. It's also interesting that both applications seem to be relying on output encoding as a defence as opposed to input validation. In my experience the best... risk to the systems under test usually but won't provide definite confirmation of problems and typically doesn't look at web applications so it won't cover all the attack surface of a typical web application exposed over the Internet. So if someone... points that need to be completed to comply with industry or government regulations probably most noticeable by PCI Externally hosted applications. In situations when a company doesn't have great visibility of an application that they're entrusting valuable data to eg most... eBook world but the prices seem uniformly higher for eBooks than physical ones. Now I do see that for some applications where physical books are impractical eBooks whatever the cost could make sense. But for recreation

http://internet-b52.net
more secure. Many hands make light work and all... So I signed up for session on penetrating and exploiting web applications. The tough part and potentially a cause of expectation mismatch with your boss might be your ability to return from...

http://risktical.com
is Initech Novelty Inc. INI itself. Because INI is a PCI merchant and is accountable for the security of its applications that process payment card information the vulnerability that has been identified and confirmed in the eyes of the Security...

http://blog.tevora.com/
engine. It was designed to allow any data from an infrastructure device to be indexed and searched. Any output from applications servers and network devices can be eaten by Splunk. However Splunk has become more than just a standalone product. The... 3.x series of the product has opened up the internal API and exposed it to allow outside development of new applications on top of the Splunk core. This post is going to touch on some of the capabilities available to developers... elements of Splunk that a user can customize and enhance in the current product release Splunk UI customization and RESTful applications. Read more ... Posted in Enterprise Applications General Security Comments Virtualization Security and Compliance... Can they exist together Friday 05 December 2008...

http://www.secureconsulting.net/2009/02/pci_dss_v12_in_a_nutshell.html
accordance with 10.7 at least one year with 3 months online. Requirement Requirement 6 Develop and maintain secure systems and applications Summary Implement patch and vulnerability management policies and procedures. Critical security patches must be applied within 1 month using a... Test operational functionality prior to deployment. Include back-out procedures. 5. Special security functionality is required for public-facing web applications in the form of either regular code reviews at least annually or deployment of a web application proxy firewall for...

http://www.pciknowledgebase.com/index.php?option=com_kunena&Itemid=142
a forum to discuss the technology and the compliance issues which it created. Moderators dtaylor12 kroemer VisOps2007 cfarrow Khepner charuReHosting web applications on a virtual server by lyalc 01172009 2143 Show most recent message Retail Industry PCI Forum This forum focuses on PCI issues... on experiences issues related to application security specifically the best way to meet the PCI DSS 6.6 standard for Web applications using external code reviews vs application firewalls. ...

http://en.wikipedia.org/wiki/PCI_DSS
apply to all organizations that store process or transmit cardholder data with guidance for software developers and manufacturers of applications and devices used in those transactions. A company processing storing or transmitting cardholder data must be PCI DSS compliant. The... are sold distributed or licensed to third parties. Most card brands encourage merchants and third party agents to use payment applications that are validated independently by a PA-QSA company and accepted for listing by the PCI SSC. Validated applications are listed... use payment applications that are validated independently by a PA-QSA company and accepted for listing by the PCI SSC. Validated applications are listed at List of PA-DSS Validated Payment Applications Contents The current version of the standard 1.24 specifies 12 requirements for compliance... at online application vulnerabilities. They're arguably the fastest growing area of security and for good reason exposures in customer-facing application

http://www.acunetix.com/websitesecurity/pci-compliance-wp.htm
which scan network hosts for open ports missing security patches on operating systems and server technologies potential exploits discovered in applications installed on a network network device weaknesses and incorrectly configured user rights. These security risks are resolved by various configurations... Scanning Vendors who provide PCI Compliance audits can benefit from Acunetix Web Vulnerability Scanner to identify vulnerabilities in merchant web applications and also guide them to resolving any potential exploits. Full PCI Compliance extends the capabilities of Acunetix WVS to certification... them to resolving any potential exploits. Full PCI Compliance extends the capabilities of Acunetix WVS to certification of secured web applications according to the specifications detailed by the Payment Card Industry security guideline. Jacques Guillaumier May 2007 Download the White Paper as a...

http://www.pciassessment.org/pci-bb/
post Fri Mar 06 2009 827 am Develop and Maintain secure systems Requirement 6 Develop and Maintain secure systems and applications 12 Topics 12 Posts Last post by lifsvislach View the latest post Fri Mar 06 2009 829 am Implement Strong Access...

http://nickcoblentz.blogspot.com/2009/02/pci-compliance-and-cloud-computing.html
Based on these items organizations should be able to limit the scope of assessments to security groups that contain payment applications or data. It is unclear whether the scope must include Amazon's physical network devices or web services associated with managing... I am going to separate this section into two parts. One part is concerned with the secure development of custom applications. While it is straightforward to understand how this applies to the company implementing the virtual infrastructure it's not as... can likely be satisfied by verifying and documenting Amazon's patch management procedures. Takeaway: It's unclear whether the cloud computing provider's applications like Amazon's web services must be assessed. Additionally the cloud provider's patch management process should be verified and documented. Requirement...

http://www.voltage.com/pci/index.htm
without significant operational overhead. Based on a revolutionary technology called Format-Preserving Encryption FPE Voltage SecureData encrypts data in databases and applications while retaining the format of the original structured information.We encourage you to learn more about how Voltage can help you...