Find an Experienced Penetration Tester Like most security testing services, the quality of service you get in a penetration testing engagement can vary tremendously from vendor to vendor. That’s because penetration testing is human-driven, relying upon the tester’s expertise and diligence. Evaluate Potential Providers Asking the … Read more
What happens when your employee is also your company’s penetration tester? One of your employees is a Certified Penetration Tester (CPT). Can the organization use this employee to perform its external and application penetration testing? Yes, the PCI DSS does allow companies to pen test themselves, … Read more
Effective July 1, 2015, businesses validating their compliance via PCI SAQ version C are required to undergo a penetration test for the very first time. Brick-and-mortar merchants with payment applications connected to the Internet (but that do not electronically store cardholder data) are subject to … Read more
2014 has been a year filled with news about breaches – big breaches – record breaking breaches. I have spent the majority of the year talking to many people about PCI DSS version 3.0 SAQs. I have spoken to Merchant Banks, Processors, small businesses, IT … Read more
Question: In version 3.0 it states I need to complete penetration testing. In version 2.0 it was recommended and because of our business being 24 hours, we had an acceptable work around. I am being told that the penetration test is a MUST for 3.0? Answer: Penetration … Read more
Should your business store cardholder data? While the PCI DSS discourages businesses from storing credit card data, many feel the practice is necessary in order to facilitate recurring payments.Here are a few of the related questions we’ve recently received: Question: We store credit card info (number … Read more