Secure Payments, PCI DSS, Regulatory Compliance Blog

Archive for the ‘Vendors’ Category

Review - InfoSec Institute Advanced Ethical Hacking: Expert Penetration Testing

Monday, May 7th, 2007 Posted in Vendors | 6 Comments »

I just returned from attending InfoSec Institute's AEH course. Given the relevance of penetration testing to PCI, I thought that it would be worthwhile to post a review for anyone who's considering attending. Vendor: InfoSec Institute I hadn't heard much about ...

PCI catches some problems

Thursday, May 3rd, 2007 Posted in Compliance, PCI DSS, Vendors, Web Applications | 5 Comments »

RSnake at Dark Reading has written a nice little article about XSS and PCI. Unfortunately, he then goes and spoils all the good work by saying how you can fix application vulnerabilities with WAFs. Urgh. I've read a lot recently about ...

Integrity for PCI

Thursday, May 3rd, 2007 Posted in Audit log, PCI DSS, Vendors | 8 Comments »

It's not every day you get to see yourself in print; this is why we blog. It takes a special kind of self-interest to maintain a blog, and an almost blind faith in what you are saying. That's why I always ...

Shift4 bypasses MICROS with free driver

Thursday, April 5th, 2007 Posted in Merchant, Payment Applications, Point of Sale, Vendors | No Comments »

Shift4 corporation has made a bold move of providing merchants an alternative approach to POS compliance. They independently developed a driver for the MICROS POS system, widely used in restaurants, that allows the retail merchant to obtain compliance without a ...

PCI SVA growing up…

Wednesday, March 28th, 2007 Posted in Conferences, PCI DSS, Vendors | 1 Comment »

The PCI Security Vendors Alliance announced last week that 25 new vendors would be added to the already existing 8 founder members. An initiation ceremony of the new recruits is taking place in Boston on April 12th where most of ...

Application security firms get into vulnerability scanning

Monday, March 19th, 2007 Posted in Approved Scanning Vendor, Vendors, Web Applications | 1 Comment »

Max reports that Watchfire has certified as an approved scanning vendor (ASV). Speculation and then confirmation about SPI Dynamics getting into the business. From their press release: Watchfire ... announced today that its AppScan® product has successfully completed the PCI Security ...

Tripwire podcasts about PCI

Sunday, March 18th, 2007 Posted in Compliance, Podcast, Vendors | 6 Comments »

Thanks to Martin for letting us know about the podcasts that Tripwire has online. There are two on PCI, one on SOX, and two on FISMA. I like to imagine this shows the increased awareness and importance of ...

Whitepaper: Oracle Applications 11i - Credit Cards and PCI Compliance Issues

Sunday, March 11th, 2007 Posted in Database, PCI DSS, Vendors | 5 Comments »

Integrity has a very comprehensive whitepaper on "Oracle Applications 11i: Credit Cards and PCI Compliance Issues" [PDF] (added to Resources page). It covers each of the 12 PCI DSS requirements as they relate to the Oracle database software. It's really ...

Vendors added to the blogroll

Sunday, March 11th, 2007 Posted in Vendors | No Comments »

We added a list of vendor blogs to the blogroll. You can see them on the right side of the page. (Does this mean I need a link blog? I hope not.) We are not sure how long these ...

Can you hear the vendors blogging?

Saturday, February 24th, 2007 Posted in Approved Scanning Vendor, Compliance, Vendors | 5 Comments »

This year at RSA the expo floor was full of people pitching their wares. And what were they saying about them? They sold different things but every product pitched compliance. This is because "compliance" is the only ...