PCI-DSS and Vulnerability Management

On August 1, 2015, I gave a presentation about a known security standard for credit cards. The Payment Card Industry Data Security Standard (PCI-DSS) is a standard used to protect data of merchants and banks that utilize the credit card facility.

There are 12 requirements of PCI-DSS. I focused my presentation on the vulnerability management side since I handled the vulnerability assessment (VA) in my previous work.

For the demo, I used the trial version of the Acunetix vulnerability scanner. I used the test website and verified one of the vulnerabilities (sending data in cleartext), exploiting it by using Wireshark.

My presentation can be found here: PCI_MSORMAN.
