PCI Pentesting Guide – PDF

Penetration Testing Guidance – PDF

The objective of this information supplement is to update and replace PCI SSC’s original penetration testing information supplement titled “Payment Card Industry Data Security Standard (PCI DSS) Requirement 11.3 Penetration Testing” published in 2008. This information supplement has additional guidance to what is in PCI DSS and is written as general penetration testing guidelines that are...

Cracking the Encryption Confusion: Encryption Decision Tree

Choosing the Best Encryption Option

There is no way to fully cover all the myriad factors in picking a specific encryption option in a (relatively) short paper like this, so we compiled a visual decision tree to at least get you into the right bucket. Here are a few notes on the decision tree. This isn’t exhaustive but should get you looking at the right set of technologies. In all cases you will want secure external key...

AWS Security Best Practices

Security Best Practices for Amazon Web Services: Built-In Features

This is the second post on AWS security best practices, to be compiled into a short paper. The first post on defending the management plane is here.

Implement Built-in AWS Infrastructure Security Features

Once you lock down and establish monitoring for your Amazon Web Services management plane, it’s time to move on to protecting the virtual infrastructure. Start with...

Security Best Practices for Amazon Web Services

This is a short series on where to start with AWS security. We plan to release it as a concise white paper soon. It doesn’t cover everything but is designed to kickstart and prioritize your cloud security program on Amazon. We do plan to write a much deeper paper next year, but we received several requests for something covering the fundamentals, so here you go… Continue...
