New in PCI DSS version 4.0: Authenticated Scans
The Payment Card Industry (PCI) Data Security Standard (DSS) is a set of security standards that were established to ensure the safety and security of customers’ financial information. With the recent release of PCI DSS version 4.0, organizations must now use the...
The new PCI DSS version 4.0 is out: What to expect?
For the last few years, we have witnessed how the paradigm has been changing in the use and implementation of payment services, which must remain aligned with security standards. As security consultants and auditors, we have followed these new concepts and have been...
Penetration Testing vs. Red Teaming: What’s the Difference?
When it comes to keeping your organization off the radar of cyberattacks, there are two types of cybersecurity tests that are recommended: penetration testing and red teaming. They are often used interchangeably, although they are two different things. So, how do you...
What is a PCI Segmentation Test?
The act of dividing a computer network into subnets is known as network segmentation. Network segmentation, when done correctly, improves network security and performance. Although network segmentation is not required by PCI DSS, it is strongly recommended. Network...
Are emailed credit card numbers in scope for PCI compliance?
Companies occasionally receive sensitive credit card information (all the information required to complete a purchase) via email or by telephone. As QSAs, we believe this is a security risk or, at the very least, poor practice, and that it should be top of mind. All...
What is Web Application Penetration Testing?
Web application penetration testing means testing the security integrity of browser-based applications. All potentially vulnerable web-based services, including APIs and web interfaces, are checked. This is done by executing the same steps that malicious attackers...