• Storing a shipping address for PCI compliance

    From what I understand, storing a shipping address would be okay for PCI compliance right? Do configuration standards include requirements for a firewall at each Internet connection? Is there a process for approving and testing all external network connections? I'm leaning towards no but I need to...

    ITKE372,065 points
  • Where can I learn the basics of information security?

    Hi, I'm 16 years old and I was thinking about following a career in information security and I just can't find any good place to teach me the basics of this and school doesn't help me at all because we are not taught anything like that. Thanks for your time and have a good day!

    Andrei265 points
  • How to use payment gateway integration to avoid PCI compliance

    My client has an e-commerce which accepts payments through a payment gateway integration that transfers the control to payment gateways. But it knows that it needs to be PCI compliant for accepting credit card information. Instead, could our client use Stripe payment gateway / integration that it...

    ITKE372,065 points
  • Cross-site scripting issue for PCI compliance

    For one of our client's websites, they're trying to pass PCI compliance test but the testing company notified us of a vulnerability that we can't figure out. Here's what they told us: The issue here is a cross-site scripting vulnerability that is commonly associated with e-commerce applications....

    ITKE372,065 points
  • Will IIS 7 automatically use SSL 3.0?

    We're running a Windows Server 2008 with IIS 7. I need to use SSL 3.0 for our PCI compliance but from what I was told, we should disable SSL 2.0. But if I need to do this, will IIS automatically use SSL 3.0? Thanks!

    ITKE372,065 points
  • Best solution for PCI DSS compliance

    We're currently comparing solutions for PCI DSS compliance including: Splunk, RSA enVision, ArcSight, etc. But we're not sure what to do with. Has anyone had any experience with these programs? Our PCI system is a small segmented network with 5 hosts and our machines will be running Linux. Thanks!

    ITKE372,065 points
  • SQL Server rotation of keys for PCI compliance

    I understand that PCI compliance requires annual rotation of keys. So, I have 16 databases across 3 servers (with multiple tables in each database). And it's going to get bigger. If I did this manually, it would make my data unreadable. Is there a software to do this?

    ITKE372,065 points
  • Website monitoring suggestions?

    Suggestions for website monitoring? Is there something that monitors for security vulnerabilities?

    NewnanIT1,110 points
  • What’s a good open source static source code analysis tool?

    My department needs an open source static source code analysis tool that's going to be used for security testing on an Android app. We need to make sure the app is PCI compliant. Anyone know of a software that we can use for this?

    ITKE372,065 points
  • FTP to SFTP

    I have a job to convert the data file into FTP. But now I need to send it in SFTP form. How can I progress on it? Could you please help me out of it?

    Su3021025 points
  • Should we turn expose_php off for PCI compliance?

    We have been told by one of our clients that having expose_php = on in our php.ini is a big security issue and not PCI compliant. But we did some research that it's low risk. Does anyone know if this is a major problem? Thanks!

    ITKE372,065 points
  • What credit card info can I store while being PCI compliant?

    Would anyone happen to know what credit card information I'm allowed to store while still being PCI compliant if I'm relying on Braintree for payment processing? Are we allowed to store this information: last 4 digits of credit cards, card type, cardholder name? Thanks!

    ITKE372,065 points
  • How to secure CFID for PCI compliance

    For the past few weeks, our PCI scans keep failing because ColdFusion has predictable CFIDs. This is what we get as the failure: Predictable Cookie Session IDs. Our CFID is still predictable and unaffected by any changes in CF Admin. We don't understand why it's a threat but we have to fix it. What...

    ITKE372,065 points
  • Apache configuration to become PCI compliant

    For Apache, we need to make sure of PCI compliance by limiting mod_ssl to SSLv3 and TLSv1 (and also ensuring long keys). We've tried the below configuration but combos of the SSLv2 are still valid. SSLCipherSuite HIGH:MEDIUM:!aNULL:+SHA1:+MD5:+HIGH:+MEDIUM Is there a way to completely disable the...

    ITKE372,065 points
  • Upgrade PHP and Apache versions for PCI compliance

    We're currently running Ubuntu for our LAMP environment. For the past week, we've been trying to become PCI compliant so we can pass CC information into our server. When doing the scans, we keep getting these errors regarding our PHP and Apache versions. The PHP version is about 10 versions less...

    ITKE372,065 points
  • PCI compliance for storing SSNs in a hosted database

    Do we have to be PCI compliant when it comes to storing SSNs in our hosted database? We're a nonprofit and it would be hosted in a CRM database. Thank you.

    ITKE372,065 points
  • Where to start for developing a payment gateway in PHP

    I'm trying to develop a payment gateway in PHP and I'm not sure where to start (when it comes to best practice for SSL and PCI DSS). Can anyone point me where to start my search? Books or blogs, perhaps?

    ITKE372,065 points
  • How to offer a high availability database environment

    Can I configure VMware Fault Tolerance, or another VMware technology, to host an active DB2 database at one data center, and host a standby DB2 database at a second data center? Applications would access the primary DB when available, and then access the standby DB if the primary failed. The data...

    JimInTexas5 points
  • Most important software for cybersecurity

    What is the most important software and threads for cybersecurity?

    priyankabaskaran5 points
  • SSL/TLS cipher suites for PCI compliance

    I have a question when it comes to PCI DSS compliance and SSL/TLS cipher suites. What order / priority should I list the ciphers in? I already know which ones I need to use and disable, but my friend said there's a priority list too. This will be for Windows servers. Thank you.

    ITKE372,065 points
