Date: Sept 16, 2022
Time: 6.30 am PDT/2.30 p.m. BST/7:00 p.m. IST.
Topic: PCI 4.0 for Pen Testers
The Payment Card Industry Data Security Standard (PCI DSS) was introduced in 2004 to minimize the risk of financial fraud and improve security in credit card transactions. In an age where cyberattacks have become an everyday reality, PCI DSS compliance helps businesses avoid data breaches and build customer loyalty and trust.
Since the introduction of the PCI DSS requirement for penetration testing and vulnerability scans, a variety of pen testing and reporting structures have been proposed. However, the PCI Security Standards Council has not provided comprehensive guidance on how clients should meet pen testing requirements, and small changes in the standard can have rippling effects on the scope and breadth of tests. This webinar provides an overview of the PCI DSS requirements and definitions that affect pen testing, including how pen testers can create a properly formatted report.
- Individual PCI DSS requirements that affect penetration tests, including Requirement 12.10.7
- The scope of internal and external pen testing and specific PCI DSS resources to justify this interpretation (Requirement 12.5.2)
- A review of success criteria
- Segmentation pen testing and Requirement 11.3.4 compliance
- How to review the contents of the final and post-remediation reports
Bio: Joseph Pierini is a product evangelist at PlexTrac who is experienced in developing and executing pen testing programs supporting the PCI DSS, among other privacy laws and regulations. Joseph was the lead writer of The PCI DSS Information Supplement: Penetration Testing Guidance, published in March 2015. He is also a published researcher who has discovered and obtained CVEs for vulnerabilities in applications including Apache Tomcat, Caucho’s Resin Application Server, various search engines, web application firewalls, and multiple e-commerce shopping carts.
*Examples, analysis, views and opinion shared by the speakers are personal and not endorsed by EC-Council or their respective employer(s)