Penetration Testing Guidelines and Best Practices – part 2

What the PCI standard explicitly mandates about penetration testing is illustrated in Requirement 11.3, requiring organizations to perform annual penetration tests that would mainly: While the composition of the network layer tests is left to the discretion of the tester, the standard specifies that as a minimum the following elements must be included in the […]

The Two Core Phases of Penetration Testing and PCI Compliance Pitfalls

When it comes to pen testing, it can always be roughly broken down into two core phases: scanning and exploiting. Simply put: know what you’re dealing with; then you may push the red “fire” button and unleash hell.

The scanning phase

This of course applies to any PCI-related pentest being carried out against the […]