Sergey Gordeychik, Security Metrics for PCI DSS Compliance

•Download as PPT, PDF•

3 likes•810 views

qqlan

Technology News & Politics

Measuring Security Security Metrics for PCI DSS Compliance Sergey Gordeychik Security Lab by Positive Technologies

What is PCI DSS? ,[object Object],[object Object],[object Object],[object Object]

What is PCI DSS? ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

Black-and-white approach ,[object Object],[object Object],[object Object],[object Object]

Example : Updating Oracle ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

Example : Updating Oracle . What to do ?!! ,[object Object],[object Object],[object Object],[object Object],[object Object]

What is good and what is bad ? ,[object Object],[object Object],[object Object]

Security metrics ,[object Object],[object Object],[object Object],[object Object],[object Object]

Compliance With respect to hosts and requirements

Compliance ,[object Object],[object Object],[object Object]

Good , but not enough ! ,[object Object],[object Object],[object Object]

Labor input metrics ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

Process metrics ,[object Object],[object Object],[object Object],[object Object],[object Object]

Process metrics ,[object Object],[object Object],[object Object],[object Object]

Comparison with the world level ,[object Object],[object Object],[object Object]

Web applications vulnerability research , 2008. ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

Distribution of websites according to the amount of detected vulnerabilities ( the year 2008)

To compromise a website attackers usually exploit … ,[object Object]

How soon can these issues be solved ? ,[object Object]

Thank you for your attention ! Sergey Gordeychik http://gordeys.blogspot.com www.ptsecurity.com [email_address]

What's hot

Agile, DevOps, & HardwareDavid Evans

QMSS Root Cause Analysis - Sample SlidesBusiness Performance Improvement (BPI)

The complete guide for negative testing | David TzemachDavid Tzemach

Security testingPrecise Testing Solution

Penetration Testing; A customers perspectivePhil Huggins FBCS CITP

The Path to Proactive Application SecurityCigital

Five Key Findings: Foolproof Computerized ExaminationPrometric

What is the difference between manual testing and automation testingEr Mahednra Chauhan

Testing introductionFACTS Computer Software L.L.C

Testing 3: Types Of Tests That May Be RequiredArleneAndrews2

Handle With Care: You Have My VA Report!Cigital

Digital Product SecuritySoftServe

What is automation testing | David TzemachDavid Tzemach

Fundamentals of testingMuhammad Khairil

Agile Network India | DevOps - Best practices in the Agile World | Divya MadaanAgileNetwork

2014 State of Code Review Survey ResultsSmartBear

Bringing Security Testing to Development: How to Enable Developers to Act as ...Achim D. Brucker

6 Most Common Threat Modeling MisconceptionsCigital

8 Tips To Write A Quality CodeJalan Technology Consulting

Ad-hoc Testing – Non-methodical yet SignificantSoftware Testing Solution

What's hot (20)

Agile, DevOps, & Hardware

QMSS Root Cause Analysis - Sample Slides

The complete guide for negative testing | David Tzemach

Security testing

Penetration Testing; A customers perspective

The Path to Proactive Application Security

Five Key Findings: Foolproof Computerized Examination

What is the difference between manual testing and automation testing

Testing introduction

Testing 3: Types Of Tests That May Be Required

Handle With Care: You Have My VA Report!

Digital Product Security

What is automation testing | David Tzemach

Fundamentals of testing

Agile Network India | DevOps - Best practices in the Agile World | Divya Madaan

2014 State of Code Review Survey Results

Bringing Security Testing to Development: How to Enable Developers to Act as ...

6 Most Common Threat Modeling Misconceptions

8 Tips To Write A Quality Code

Ad-hoc Testing – Non-methodical yet Significant

Similar to Sergey Gordeychik, Security Metrics for PCI DSS Compliance

Software Quality Architecture And Code AuditXebia IT Architects

Solutions For PCI ComplianceJohn Bedrick

5WCSQ - Quality Improvement by the Real-Time Detection of the ProblemsTakanori Suzuki

Managing Software Risk with CASTCAST

V-Empower Services And Solutionsguest609a5ed

V-Empower Services And SolutionsHannan Ahmed

How to Improve Overall Performance & Security For Any eCommerce Website In 2023Galaxy Weblinks

Swascan Cyber Security Testing PlatformPierguido Iezzi

Software Security InitiativesMarco Morana

Brochure SWASCAN-ENG On PremiseSWASCAN

Swascan brochure-ENPierguido Iezzi

What does it take to be a performance tester?SQALab

Swascan brochure-engSWASCAN

Many companies and agencies conduct IT audits to test and assess the.docxtienboileau

The Magic Of Application Lifecycle Management In Vs PublicDavid Solivan

Web application TestingOWASP Foundation

The Automation Firehose: Be Strategic and Tactical by Thomas HaverQA or the Highway

Parasoft .TEST, Write better C# Code Using Data Flow Analysis Engineering Software Lab

Perforce on Tour 2015 - Grab Testing By the Horns and MovePerforce

Vulnerability and Patch Managementn|u - The Open Security Community

Similar to Sergey Gordeychik, Security Metrics for PCI DSS Compliance (20)

Software Quality Architecture And Code Audit

Solutions For PCI Compliance

5WCSQ - Quality Improvement by the Real-Time Detection of the Problems

Managing Software Risk with CAST

V-Empower Services And Solutions

How to Improve Overall Performance & Security For Any eCommerce Website In 2023

Swascan Cyber Security Testing Platform

Software Security Initiatives

Brochure SWASCAN-ENG On Premise

Swascan brochure-EN

What does it take to be a performance tester?

Swascan brochure-eng

Many companies and agencies conduct IT audits to test and assess the.docx

The Magic Of Application Lifecycle Management In Vs Public

Web application Testing

The Automation Firehose: Be Strategic and Tactical by Thomas Haver

Parasoft .TEST, Write better C# Code Using Data Flow Analysis

Perforce on Tour 2015 - Grab Testing By the Horns and Move

Vulnerability and Patch Management

Recently uploaded

Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUK Journal

Connector Corner: Accelerate revenue generation using UiPath API-centric busi...DianaGray10

How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes

Partners Life - Insurer Innovation Award 2024The Digital Insurer

Developing An App To Navigate The Roads of BrazilV3cube

Histor y of HAM Radio presentation slidevu2urc

Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2

2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong

Scaling API-first – The story of a global engineering organizationRadu Cotescu

Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoffsammart93

Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun

Real Time Object Detection Using Open CVKhem

GenAI Risks & Security Meetup 01052024.pdflior mazor

From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software

What Are The Drone Anti-jamming Systems Technology?Antenna Manufacturer Coco

TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc

How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes

Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo

GenCyber Cyber Security Day PresentationMichael W. Hawkins

Powerful Google developer tools for immediate impact! (2023-24 C)wesley chun

Recently uploaded (20)

Understanding Discord NSFW Servers A Guide for Responsible Users.pdf

Connector Corner: Accelerate revenue generation using UiPath API-centric busi...

How to Troubleshoot Apps for the Modern Connected Worker

Partners Life - Insurer Innovation Award 2024

Developing An App To Navigate The Roads of Brazil

Histor y of HAM Radio presentation slide

Exploring the Future Potential of AI-Enabled Smartphone Processors

2024: Domino Containers - The Next Step. News from the Domino Container commu...

Scaling API-first – The story of a global engineering organization

Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff

Data Cloud, More than a CDP by Matt Robison

Real Time Object Detection Using Open CV

GenAI Risks & Security Meetup 01052024.pdf

From Event to Action: Accelerate Your Decision Making with Real-Time Automation

What Are The Drone Anti-jamming Systems Technology?

TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments

How to Troubleshoot Apps for the Modern Connected Worker

Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...

GenCyber Cyber Security Day Presentation

Powerful Google developer tools for immediate impact! (2023-24 C)