Sergey Gordeychik, Security Metrics for PCI DSS Compliance

•Download as PPT, PDF•

3 likes•810 views

qqlan

Technology News & Politics

Measuring Security Security Metrics for PCI DSS Compliance Sergey Gordeychik Security Lab by Positive Technologies

What is PCI DSS? ,[object Object],[object Object],[object Object],[object Object]

What is PCI DSS? ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

Black-and-white approach ,[object Object],[object Object],[object Object],[object Object]

Example : Updating Oracle ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

Example : Updating Oracle . What to do ?!! ,[object Object],[object Object],[object Object],[object Object],[object Object]

What is good and what is bad ? ,[object Object],[object Object],[object Object]

Security metrics ,[object Object],[object Object],[object Object],[object Object],[object Object]

Compliance With respect to hosts and requirements

Compliance ,[object Object],[object Object],[object Object]

Good , but not enough ! ,[object Object],[object Object],[object Object]

Labor input metrics ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

Process metrics ,[object Object],[object Object],[object Object],[object Object],[object Object]

Process metrics ,[object Object],[object Object],[object Object],[object Object]

Comparison with the world level ,[object Object],[object Object],[object Object]

Web applications vulnerability research , 2008. ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

Distribution of websites according to the amount of detected vulnerabilities ( the year 2008)

To compromise a website attackers usually exploit … ,[object Object]

How soon can these issues be solved ? ,[object Object]

Thank you for your attention ! Sergey Gordeychik http://gordeys.blogspot.com www.ptsecurity.com [email_address]

What's hot

Agile, DevOps, & HardwareDavid Evans

QMSS Root Cause Analysis - Sample SlidesBusiness Performance Improvement (BPI)

The complete guide for negative testing | David TzemachDavid Tzemach

Security testingPrecise Testing Solution

Penetration Testing; A customers perspectivePhil Huggins FBCS CITP

The Path to Proactive Application SecurityCigital

Five Key Findings: Foolproof Computerized ExaminationPrometric

What is the difference between manual testing and automation testingEr Mahednra Chauhan

Testing introductionFACTS Computer Software L.L.C

Testing 3: Types Of Tests That May Be RequiredArleneAndrews2

Handle With Care: You Have My VA Report!Cigital

Digital Product SecuritySoftServe

What is automation testing | David TzemachDavid Tzemach

Fundamentals of testingMuhammad Khairil

Agile Network India | DevOps - Best practices in the Agile World | Divya MadaanAgileNetwork

2014 State of Code Review Survey ResultsSmartBear

Bringing Security Testing to Development: How to Enable Developers to Act as ...Achim D. Brucker

6 Most Common Threat Modeling MisconceptionsCigital

8 Tips To Write A Quality CodeJalan Technology Consulting

Ad-hoc Testing – Non-methodical yet SignificantSoftware Testing Solution

What's hot (20)

Agile, DevOps, & Hardware

QMSS Root Cause Analysis - Sample Slides

The complete guide for negative testing | David Tzemach

Security testing

Penetration Testing; A customers perspective

The Path to Proactive Application Security

Five Key Findings: Foolproof Computerized Examination

What is the difference between manual testing and automation testing

Testing introduction

Testing 3: Types Of Tests That May Be Required

Handle With Care: You Have My VA Report!

Digital Product Security

What is automation testing | David Tzemach

Fundamentals of testing

Agile Network India | DevOps - Best practices in the Agile World | Divya Madaan

2014 State of Code Review Survey Results

Bringing Security Testing to Development: How to Enable Developers to Act as ...

6 Most Common Threat Modeling Misconceptions

8 Tips To Write A Quality Code

Ad-hoc Testing – Non-methodical yet Significant

Similar to Sergey Gordeychik, Security Metrics for PCI DSS Compliance

Software Quality Architecture And Code AuditXebia IT Architects

Solutions For PCI ComplianceJohn Bedrick

5WCSQ - Quality Improvement by the Real-Time Detection of the ProblemsTakanori Suzuki

Managing Software Risk with CASTCAST

V-Empower Services And Solutionsguest609a5ed

V-Empower Services And SolutionsHannan Ahmed

How to Improve Overall Performance & Security For Any eCommerce Website In 2023Galaxy Weblinks

Swascan Cyber Security Testing PlatformPierguido Iezzi

Software Security InitiativesMarco Morana

Brochure SWASCAN-ENG On PremiseSWASCAN

Swascan brochure-ENPierguido Iezzi

What does it take to be a performance tester?SQALab

Swascan brochure-engSWASCAN

Many companies and agencies conduct IT audits to test and assess the.docxtienboileau

The Magic Of Application Lifecycle Management In Vs PublicDavid Solivan

Web application TestingOWASP Foundation

The Automation Firehose: Be Strategic and Tactical by Thomas HaverQA or the Highway

Parasoft .TEST, Write better C# Code Using Data Flow Analysis Engineering Software Lab

Perforce on Tour 2015 - Grab Testing By the Horns and MovePerforce

Vulnerability and Patch Managementn|u - The Open Security Community

Similar to Sergey Gordeychik, Security Metrics for PCI DSS Compliance (20)

Software Quality Architecture And Code Audit

Solutions For PCI Compliance

5WCSQ - Quality Improvement by the Real-Time Detection of the Problems

Managing Software Risk with CAST

V-Empower Services And Solutions

How to Improve Overall Performance & Security For Any eCommerce Website In 2023

Swascan Cyber Security Testing Platform

Software Security Initiatives

Brochure SWASCAN-ENG On Premise

Swascan brochure-EN

What does it take to be a performance tester?

Swascan brochure-eng

Many companies and agencies conduct IT audits to test and assess the.docx

The Magic Of Application Lifecycle Management In Vs Public

Web application Testing

The Automation Firehose: Be Strategic and Tactical by Thomas Haver

Parasoft .TEST, Write better C# Code Using Data Flow Analysis

Perforce on Tour 2015 - Grab Testing By the Horns and Move

Vulnerability and Patch Management

Recently uploaded

FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhisoniya singh

My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar

Install Stable Diffusion in windows machinePadma Pradeep

08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls

08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls

Swan(sea) Song – personal research during my six years at Swansea ... and bey...Alan Dix

The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad

SIEMENS: RAPUNZEL – A Tale About Knowledge GraphNeo4j

Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your BudgetEnjoy Anytime

Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsHyundai Motor Group

Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software

Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55

Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst

Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAndikSusilo4

Next-generation AAM aircraft unveiled by Supernal, S-A2Hyundai Motor Group

Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada

E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxnull - The Open Security Community

Pigging Solutions Piggable Sweeping ElbowsPigging Solutions

Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren

Key Features Of Token Development (1).pptxLBM Solutions

Recently uploaded (20)

FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi

My Hashitalk Indonesia April 2024 Presentation

Install Stable Diffusion in windows machine

08448380779 Call Girls In Diplomatic Enclave Women Seeking Men

08448380779 Call Girls In Greater Kailash - I Women Seeking Men

Swan(sea) Song – personal research during my six years at Swansea ... and bey...

The Codex of Business Writing Software for Real-World Solutions 2.pptx

SIEMENS: RAPUNZEL – A Tale About Knowledge Graph

Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget

Snow Chain-Integrated Tire for a Safe Drive on Winter Roads

Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation

Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...

Human Factors of XR: Using Human Factors to Design XR Systems

Azure Monitor & Application Insight to monitor Infrastructure & Application

Next-generation AAM aircraft unveiled by Supernal, S-A2

Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024

E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx

Pigging Solutions Piggable Sweeping Elbows

Advanced Test Driven-Development @ php[tek] 2024

Key Features Of Token Development (1).pptx