• PCI compliance: Password field is present

    We currently have a huge problem with our PCI compliance. According to them, they want us to add http:// on every single page where a password field is present. Here's what my form in index.php looks like: What should we do here?

    ITKE (409,490 points)
  • Remote SMTP server is vulnerable to a buffer overflow – Failed PCI compliance

    Hello everyone, My department tried allowing the scanner's IP to be accepted through IPTABLES into our SMTP port, but the scan keeps failing. Here's what we're getting: The remote SMTP server is vulnerable to a buffer overflow. The server isn't crashing. We whitelisted the IP but we're still getting...

    ITKE (409,490 points)
  • What’s the best PCI compliant host?

    Currently, I'm using 1and1 hosting and I've been pretty impressed with the level of support so far (it's easy to use their admin panel). But now, I'm moving into e-commerce. But in order to process any credit cards, using PayPal, we need to be on a PCI compliant host. What would be the best option for...

    ITKE (409,490 points)
  • PCI compliance fail: SSL certificate cannot be trusted

    Our server is a CentOS box with a LAMP stack running. But we just had a PCI scan list this as a fail: SSL Certificate Cannot Be Trusted, https (443/tcp), Severity: Medium, Notes: none. But we actually don't have an SSL certificate (we don't attempt to use it either). Should we just close port 443...

    ITKE (409,490 points)
  • PCI compliance failure: 403 and 404 errors

    In a recent scan done by our PCI compliance testers, we recently failed a PCI test. Here's what it said: Configure the HTTP server to specify the same error documents for both 403 (Forbidden) and 404 (Page Not Found) responses. The site is running on a Drupal installation and our Drupal .htaccess...

    ITKE (409,490 points)
  • CentOS: Filter incoming traffic for PCI compliance

    I'm currently using CentOS and my friend recommended to me that, for PCI compliance, I filter incoming traffic to a UDP port. What's the best way to do this? Thank you so much.

    ITKE (409,490 points)
  • How to make a virtualization server that’s running Xen PCI compliant?

    We have a server that's running Xen with HVM and we need to make one of our VMs PCI compliant. We've already read the PCI virtualization guide and it says that we need to make sure there's no information leakage between VMs. Is there a way to make sure each OS is unable to intercept data from other...

    ITKE (409,490 points)
  • How can I be PCI compliant?

    My friend and I are developing financial software, which in turn connects to a third party credit card company (which would be PCI compliant). As of today, we are not PCI compliant and we're not planning it. However, we want to save the four digits of the PAN to help front line staff identify. So if we...

    ITKE (409,490 points)
  • Replacement for DFU

    We are looking for a product to replace DFU on our AS/400. I have found one product called DBU. In the past I had received information about Hawkeye. Does anybody have any information about this product or company? Thank you

    GreenFrog (0 points)
  • Vulnerability from PCI scan

    We recently had a PCI scan on one of our websites that was passed to us by a client. Here's one of the vulnerabilities that we got back: Network service: 80/443 Application URL: The response contains SQL Server errors. This suggests that the hazardous characters inserted by the test penetrated the...

    ITKE (409,490 points)
  • What’s the best service storing PCI sensitive data?

    I'm looking to build a web application that's going to handle sensitive PCI data (including banking numbers). What's the best service that can handle all of this data? My friend told me about Rackspace but I'm not sure about its PCI solution. I just need to make sure the database is secured and I...

    ITKE (409,490 points)
  • Can we make Google App Engine PCI compliant?

    We're working with Google App Engine but several people in our organization have said that in order to have a PCI compliant cloud solution, we need to have a private cloud environment and we can't use App Engine. Does anyone know if this is true? Can we still use Google App Engine?

    ITKE (409,490 points)
  • SSL cipher for PCI compliance on AWS

    For the past few weeks, we've been trying for PCI compliance on a load balanced EC2 instance on AWS. Here's our issue: The load balancer accepts weak ciphers. But ELB doesn't support the cipher suite so we have to manually do it one-by-one. What should we do here? What's a good strong cipher for us?

    ITKE (409,490 points)
  • Can we host a PCI compliant application on Azure?

    I've been trying to host an application on Windows Azure that would store the credit card information of users who want to buy monthly subscriptions for a monthly fee. We just have to store the card data as securely as possible. And we know we have to be PCI compliant. Will Azure allow us...

    ITKE (409,490 points)
  • Configure PCI compliant environment

    I have a few questions related to PCI compliance (since my organization is starting to get into credit card processing). Basically, how can we configure a PCI compliant environment? And how do we secure a build server? Thanks!

    ITKE (409,490 points)
  • PCI DSS check failing with IIS 7.0

    One of our clients is currently having their website validated so they can accept credit card payments on their site. One of the biggest failures they got back was that they're leaking the internal IP address. But they are running IIS 7.0, which we thought wouldn't do that. We checked the headers...

    ITKE (409,490 points)
  • Internet Explorer vs. Firefox

    Hello, I'm the Assistant Editor on SearchWindowsSecurity.com. I'm looking to start a discussion about what browser people are using and why. Also, is anyone considering switching from IE to Firefox, or are your plans to stay with IE? Here's some food for thought... As of Feb. 2005, an estimated 35...

    LMullen (0 points)
  • What can we fix from our PCI scan?

    I'm pretty new to PCI and my organization just got the Trustkeeper PCI Scan and we got several results including: DB Accessibility; SSLv2 Supported; a ton of OpenSSL related vulnerabilities; Apache Tomcat vulnerabilities; BIND related vulnerabilities. What vulnerabilities should be fixed by my company?...

    ITKE (409,490 points)
  • PCI compliance issue with SQL injection

    We're working on a client's PCI compliance. Here's one of the failing issues: 3.1.4. Blind SQL Injection (httpgenericscriptblindsqlinjection) We found out that the issue might be with the OWA. Does anyone know how to fix this issue?

    ITKE (409,490 points)
  • How to get my Ubuntu system PCI DSS compliant

    I'm trying to get PCI compliant and a scanning company flagged our Ubuntu system for not being compliant. What should we do here? It has to do with our open_basedir, which they don't support. Thank you for your help.

    ITKE (409,490 points)