• Vulnerability from PCI scan

    We recently had a PCI scan on one of our websites that was passed to us by a client. Here's one of the vulnerabilities that we got back: Network service: 80/443 Application URL: The response contains SQL Server errors. This suggests that the hazardous characters inserted by the test penetrated the...

    ITKE376,460 pointsBadges:
  • What’s the best service storing PCI sensitive data?

    I'm looking to build a web application that's going to handle sensitive PCI data (including banking numbers). What's the best service that can handle all of this data? My friend told me about Rackspace but I'm not sure about its PCI solution. I just need to make sure the database is secured and I...

    ITKE376,460 pointsBadges:
  • Can we make Google App Engine PCI compliant?

    We're working with Google App Engine but several people in our organization have said that in order to have a PCI compliant cloud solution, we need to have a private cloud environment and we can't use App Engine. Does anyone know if this is true? Can we still use Google App Engine?

    ITKE376,460 pointsBadges:
  • SSL cipher for PCI compliance on AWS

    For the past few weeks, we've been trying for PCI compliance on a load balanced EC2 instance on AWS. Here's our issue: The load balancer accepts weak ciphers. But ELB doesn't support the cipher suite so we have to manually do it one-by-one. What should we do here? What's a good strong cipher for us?

    ITKE376,460 pointsBadges:
  • Can we host a PCI compliant application on Azure?

    I've been trying to host an application on Windows Azure that would store people's credit card information of users who would want to buy monthly subscriptions for a monthly fee. We just have to store the card data as secure as possible. And we know we have to be PCI compliant. Will Azure allow us...

    ITKE376,460 pointsBadges:
  • Configure PCI compliant environment

    I have a few questions related to PCI compliance (since my organization is starting to get into credit card processing). Basically, how can we configure a PCI compliant environment? And how do we secure a build server? Thanks!

    ITKE376,460 pointsBadges:
  • PCI DSS check failing with IIS 7.0

    One of our clients is currently having their website validated so they can accept credit card payments on their site. One of the biggest failures they got back was that they're leaking the internal IP address. But they are running IIS 7.0, which we thought wouldn't do that. We checked the headers...

    ITKE376,460 pointsBadges:
  • Internet Explorer vs. Firefox

    Hello, I'm the Assistant Editor on SearchWindowsSecurity.com. I'm looking to start a discussion about what browser people are using and why. Also, is anyone considering switching from IE to Firefox, or are your plans to stay with IE? Here's some food for thought... As of Feb. 2005, an estimated 35...

    LMullen0 pointsBadges:
  • What can we fix from our PCI scan?

    I'm pretty new to PCI and my organization just got the Trustkeeper PCI Scan and we got several results including: DB Accesibility SSLv2 Supported Ton of OpenSSL related vulnerabilities Apache Tomcat vulnerabilities BIND related vulnerabilities What vulnerabilities should be fixed by my company?...

    ITKE376,460 pointsBadges:
  • PCI compliance issue with SQL injection

    We're working on a client's PCI compliance. Here's one of the failing issues: 3.1.4. Blind SQL Injection (httpgenericscriptblindsqlinjection) We found out that the issue might be with the OWA. Does anyone know how to fix this issue?

    ITKE376,460 pointsBadges:
  • How to get my Ubuntu system PCI DSS compliant

    I'm trying to get PCI compliant and a scanning company flagged our Ubuntu system for not being compliant. What should we do here? It has to do with our open_basedir, which they don't support. Thank you for your help.

    ITKE376,460 pointsBadges:
  • Failed PCI compliance check on IIS

    Our website just failed a PCI Compliance check. Our report said the site supported weak ciphers. But we thought we disabled that by turning off the SSL on our web servers. What else we need to check? Should we look at the load balancer? Thank you very much!

    ITKE376,460 pointsBadges:
  • Is there a way to isolate PCI compliance?

    Our company is currently in the process (but not storing) of credit card data. We also authorize the cards through a developed app using the authorize.net API. Now, if it's possible, we would like to limit the requirements of PCI that would affect our servers to an isolated separate environment. Is...

    ITKE376,460 pointsBadges:
  • What’s the cost of PCI compliance for a PHP script?

    I'm developing a single PHP script (it's for a new piece of software) which will collect cardholder information and store it in a MySQL database. Obviously, we're taking our security very seriously but we need some help. What scans do we need to find? After, what's the cost of PCI compliance for...

    ITKE376,460 pointsBadges:
  • PCI compliance rules for storing credit card numbers

    I apologize for the 'newbie' question but does anyone know what the PCI rules to follow are for storing credit card numbers in a database? Can anyone point me in the right direction?

    ITKE376,460 pointsBadges:
  • Storing billing data in a MySQL database: A PCI compliance violation?

    For the past several months, I've been developing a shopping cart and I need to store Name, Billing, Address and Zip Code into a MySQL database. I'm doing this because a returning customer wouldn't have to re-enter billing information. Also, I'm not storing any credit data. Just to ask, am I in...

    ITKE376,460 pointsBadges:
  • Does anyone know if Apache Tomcat is PCI compliant?

    Would anyone happen to know if Apache Tomcat is PCI compliant? I'm worried if there's any vulnerabilities where credit card PANs are stored. Thank you!

    ITKE376,460 pointsBadges:
  • Vendor audit program for quality and compliance

    Does Ariba have a vendor audit program which addresses quality and compliance?

    Cschra5 pointsBadges:
  • Businesses under OSHA umbrella

    Which businesses do not fall under OSHA umbrella?

    Jenkinss5 pointsBadges:
  • Vendors that are currently FedRamp certified

    Is there a list of vendors that are currently FedRamp certified? My Government agency is looking to move to a Security Web Solution for our Electronic Loan Application and I'm working on some market research on possible vendors for IDP and TFA.

    tlserafi5 pointsBadges:

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

To follow this tag...

There was an error processing your information. Please try again later.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Thanks! We'll email you when relevant content is added and updated.