Crossbow Labs

“SSL, Its over!” – PCI DSS v3.1

Finally, a minor version of PCI DSS 3.0 standard (now version 3.1, after the v1.2.1 many years ago), has been released by the PCI SSC to address the vulnerable SSL/early TLS protocols with addition of few clarifications

Read More

QSA Chronicles – PCI-PTS vs PCI-DSS

It all goes really well when the assessment begins with the Issuing Section. You never seem to lose interest watching the Maticas churning away the fresh new cards, so much so that I take a moment to quietly awe at how

Read More

The Castle Approach

Defense in depth broadly defines that security controls need to be deployed in all the layers of the OSI model, such that the vulnerabilities, which may surpass the security controls in one layer, do not transcend in to

Read More