Application Security and PA DSS Certification
1.
Application Security and PA-DSS Certification
Polyakov Alexander, PCI QSA, PA-QSA, Head of Security Audit Department, Digital Security (http://www.dsec.ru), Head of DSecRG Lab (http://www.dsecrg.com)
2.
© 2002—2010, Digital Security
Application Security
"Verizon 2009 Data Breach Investigations Report", http://www.verizonbusiness.com/resources/security/reports/2009_databreach_rp.pdf
Attack Vector: Looking deeper into hacking activity, it is apparent that the bulk of attacks continues to target applications and services rather than the operating systems or platforms on which they run. Of these, remote access services and web applications were the vector through which the attacker gained access to corporate systems in the vast majority of cases. While network devices do sometimes serve as the avenue of attack, it was considerably less often in 2008.
Shifting from OS- and network-level security to application security is a global tendency.
3.
4.
Attacks by applications
Source: Verizon 2009 Data Breach Investigations Report, http://www.verizonbusiness.com/resources/security/reports/2009_databreach_rp.pdf
5.
What data do hackers need?
Verizon: 85% cardholder data
Trustwave: 98% cardholder data
Sources: http://www.blackhat.com/presentations/bh-dc-10/Percoco_Nicholas/BlackHat-DC-2010-Percoco-Global-Security-Report-2010-slides.pdf and http://www.verizonbusiness.com/resources/security/reports/2009_databreach_rp.pdf
6.
Percent of compliance by incident
Verizon: the average level of compliance with Requirement 6 of PCI DSS in compromised companies was only 5%.
Trustwave: none of the compromised companies was fully compliant with Requirement 6.
Sources: http://www.blackhat.com/presentations/bh-dc-10/Percoco_Nicholas/BlackHat-DC-2010-Percoco-Global-Security-Report-2010-slides.pdf and http://www.verizonbusiness.com/resources/security/reports/2009_databreach_rp.pdf
7.
8.
Source: http://pcworld.about.com/od/webbasedapplications/PCI-App-Security-Who-s-Guardi.htm
9.
The easiest way
"Application security is at the heart of the Payment Card Industry (PCI) security standards and requirements. In the last few years, data breaches have resulted in hundreds of millions of data records being compromised. In most of these cases, the firewalls worked, the encryption worked, the logging worked, but the application contained security holes which obviated much of the security. It's like barring the front doors to the bank and leaving a back window open."
Source: http://pcworld.about.com/od/webbasedapplications/PCI-App-Security-Who-s-Guardi.htm
10.
Direct data losses
Direct data loss of financial structures in the US is about 7.5 billion $ per year. That costs about as much as approximately 50 islands in Thailand.
11.
Data losses in other countries
In England: APACS statistics as of July 6, 2009 say that fraud losses are about £328.4m (~500 m $). Source: http://www.7safe.com/breach_report/Breach_report_2010.pdf
In Russia: according to the Russian National Regional Banking Association, overall losses from carders are about 30 m $ per year. Source: http://www.itsec.ru/articles2/research/plastikovye-voiyny
12.
Indirect losses
Heartland's losses on the NYSE were 44% in a single day, and its share price became 10 times lower within a week.
Source: http://www.itsec.ru/articles2/research/plastikovye-voiyny
13.
What can we do?
14.
History of PA-DSS
PABP (2005) → PCI DSS (2006) → PA-DSS (2008)
15.
16.
17.
18.
19.
20.
21.
Importance of logical flaws
Trustwave: logical flaws in 2nd place. Source: http://www.blackhat.com/presentations/bh-dc-10/Percoco_Nicholas/BlackHat-DC-2010-Percoco-Global-Security-Report-2010-slides.pdf
Cenzic: access control and privilege flaws in 2nd place (22%). Source: http://www.cenzic.com/downloads/Cenzic_AppSecTrends_Q1-Q2-2009.pdf
22.
23.
24.
25.
26.
27.
Listing
Today there are about 700 applications listed on the web-site. Before PA-DSS, there were about 200 applications assessed under PABP.
28.
29.
30.
31.
32.
33.
34.
35.
36.
Thanks
?
37.