PCI DSS ASV scanning explained for dummies

Organizations across the globe are increasingly adopting PCI DSS to demonstrate that they securely store payment card data. The Payment Card Industry Data Security Standard (PCI DSS) is a set of technical and operational requirements laid down by the PCI SSC (PCI Security Standards Council). Over the years, PCI DSS has become a reasonably expected compliance … Continued

How to choose a PCI DSS penetration testing partner?

Cyber attacks are getting increasingly sophisticated and complex. An organization cannot sit back and wait for a security incident to occur before taking any action. Modern-day organizations need to adopt proactive as well as reactive measures to minimize cybersecurity risks comprehensively. Penetration testing is one such proactive measure that helps an organization in identifying vulnerabilities … Continued

PCI DSS compliance for your Azure hosted SaaS

Cloud computing has brought in a paradigm shift and transformed how organizations across the globe offer their services. Instead of setting up physical infrastructure, most organizations prefer moving to a cloud environment for on-demand access to resources. Cost-effectiveness and minimal management requirements further push SaaS providers to rely on cloud infrastructure, as compared to physical … Continued

Penetration Testing and Vulnerability Scanning Requirements for PCI DSS

Penetration testing and vulnerability scanning exercises have become standard practices for modern-day enterprises. In our latest series of blog posts, we are discussing how these exercises meet the compliance requirements of various standards, laws, and regulations. We discussed penetration testing and vulnerability scanning controls in ISO 27001:2013 here. In this article, we will be focusing … Continued

PCI DSS Compliance for SaaS Companies – An Overview

An increasing number of Software-as-a-Service (SaaS) providers are now involved in the transmission and storage of cardholder data. Although they may not actually be processing the data, the mere storage and transmission of it brings such SaaS providers under the scope of PCI DSS compliance. In this article, we explore what PCI DSS compliance means for … Continued

Difference between SOC 1 and SOC 2

We have often seen that our clients confuse SOC 1 and SOC 2 audits. Though both frameworks deal with the controls implemented within your organization, their focus areas are different. SOC 1 primarily focuses on how an organization deals with financial data. On the other hand, SOC 2 checks how an … Continued

Why is BreachLock the best penetration testing as a service for SaaS companies?

BreachLock™ is a modern cloud security platform that covers your end-to-end security testing needs with a click. Our SaaS platform empowers you to scale your security testing efforts as your technology footprint grows. (Figure 1: BreachLock Platform Highlights) On-demand access to automated scanning and manual testing ensures you have a single pane view into your … Continued

Penetration Testing and Vulnerability Scanning for PCI DSS

Irrespective of the industry, penetration testing and vulnerability scanning exercises help businesses a great deal when it comes to the security of their technical infrastructure. For businesses processing sensitive data such as credit card data, such practices have more relevance than ever. The foundation for this article was laid by one of our previous articles where … Continued

PCI Penetration Testing

The first version of the PCI DSS standard was released in 2004 to lay down the minimum security requirements for handling and managing customers’ card information. Over the years, different versions have been introduced, and at present, version 3.2.1, released in May 2018, is the latest version. In this article, we will discuss the role of penetration testing … Continued