Triaxiom Security

PCI Compliance – Completing an SAQ D – Service Provider

This is the final installment in our series reviewing each of the Self-Assessment Questionnaires (SAQs) available for organizations required to comply with the PCI DSS. This final blog is going to cover another sub-type of the SAQ D, the SAQ D – Service Provider. This SAQ is unique in that, if you’re a service provider, […]

Password Security: Everything You Need to Know

After performing penetration tests for a myriad of companies over the last decade, there is one thing that stands out above all others… People suck at making passwords. At first I thought “how hard can it be?” But after working with company after company, and trying to improve their password security, I have realized that […]

Key Takeaways from the 2019 Verizon Data Breach Investigation Report

Each year, Verizon provides a Data Breach Investigation Report (DBIR) which looks at the trends from the past year’s data breaches. Verizon builds this report using 73 data sources, with a combined total of 41,686 security incidents. By looking at the trends, we can see what’s happening in the information security landscape and try to […]

PCI Compliance – Completing an SAQ P2PE

This is the last merchant self-assessment questionnaire to cover in our series going through the organizational requirements to use each of the SAQs. We’ve talked a lot about why it’s so important to try and reduce scope and use the right SAQ for the payment channels utilized by your organization. The SAQ P2PE, in particular, […]

PCI Compliance – Completing an SAQ D – Merchant

After discussing a number of the other Self Assessment Questionnaires (SAQs) that merchant organizations may need to complete for PCI DSS compliance, we have finally reached the peak if you’re a merchant. This final SAQ for merchants (we’ll cover D for service providers soon) is the catch-all that applies to any organization that isn’t able […]

What is a Password Database Audit?

Passwords are commonly one of the biggest weaknesses we find when performing a penetration test. It seems that no matter what password policy you have in place, users will still use Company123, Spring2019, or a keyboard pattern for their password. An attacker can easily guess these and gain access to sensitive resources or even your […]

© 2025 Triaxiom Security, a division of Strata Information Group, Inc. All rights reserved.