Paul’s Security Weekly (Video)
Technology
Version 4.0 of the Payment Card Industry Data Security Standard (PCI DSS) puts greater emphasis on application security than did previous versions of the standard. It also adds a new “customized approach” option that allows merchants and other entities to come up with their own ways to comply with requirements, and which also has implications for application security. Specifically, PCI DSS 4.0 requires that by March 31, 2025, more testing of public-facing applications related to payment processing or other activities be considered “in scope” for compliance. Generally, any system that touches payment-card data is in scope for PCI DSS compliance, whether or not the system or function is public-facing. We'll talk through what organizations should have gotten done by March 31, 2024, and what needs to happen by March 31, 2025.
Segment Resources: https://info.obsglobal.com/pci-4.0-resources
Show Notes: https://securityweekly.com/psw-825
Incident Response Readiness - Gerard Johansen - PSW #794
Super Admins, Ancient Language Codes, Great Leakage, & Mirai Vs. Tomcat - PSW #793
Incident Response Stories - Bill Swearingen - PSW #793
Flipper Zeroes, The "Kia Boys", RFID Tags for Amazon, & PCI Wizardry - PSW #792
Post-Breach: The Hardening Continues - Sean Metcalf - PSW #792
Security Certification - Rohit Misuriya, Sumit Siddharth - PSW #791
Lost Keys, LOL Drivers, Nintendo Helps FBI, Mali Mail, & Our Rap Names - PSW #791
It's Alive!, Slow Migrations, Hiding on the Net, BlackLotus Source, & Gaslighting - PSW #790
Getting Control Of Your Security Data Pipeline - JP Bourget - PSW #790
Thoughts From A Security Legend - Dan Geer - PSW Vault
Melting Neighbors, SBOMs, DIY 2FA - PSW #789
Pen Testing & Adversary Emulation - Carlos Perez - PSW #789
Cyber Directors (& Tsars!), Replace Your Hardware, Drink For PCI, & Handheld Gaming - PSW #788
Penetration Testing - Emilie St-Pierre - PSW #788
Interview with Bill Cheswick - PSW VAULT
L0pht Heavy Industries Panel - PSW Vault
Plain Text Keystrokes, WPBT, One Packet Exploits, & Sock Puppets! - PSW #787
Spotlight on Penetration Testers - Vlad Gostomelsky - PSW #787
Post-Exploit, Vocal Passports, Will it Run DOOM!?!, & Coldplay Lyrics in Firmware - PSW #786
Generative AI Security Implications, Protecting Web Applications - Liam Mayron - PSW #786
Create your
podcast in
minutes
It is Free
Insight Story: Tech Trends Unpacked
Zero-Shot
Fast Forward by Tomorrow Unlocked: Tech past, tech future
The Unbelivable Truth - Series 1 - 26 including specials and pilot
Acquired