PCI Compliance Series: 6.6 Roundup

Posted Monday, June 23rd, 2008
Categories: PCI.

Only a handful of days remain for companies to become compliant with section 6.6 of the PCI DSS, and even more scare tactics are being tossed into the marketplace. Compliance should not be feared; as we all know, it is the penalty that can be the most costly (see TJX). So what can you do to step up your compliance? Here are a few tips from around the web.

Security Ninja offers up these four tips:

1. Manual review of application source code
2. Proper use of automated application source code analyzer (scanning) tools
3. Manual web application security vulnerability assessment
4. Proper use of automated web application security vulnerability assessment (scanning) tools

On Tray Ford’s blog, there is mention of a supplement that was released to help clarify 6.6. It is meant as a tool for understanding the requirement, although it “in no way replaces or supersedes Requirement 6.6 in the Data Security Standard.”

Finally, I took to YouTube to find some helpful information about PCI and I stumbled upon the videos below.


PCI DSS Explained


PCI 6.6 Compliance


Becoming PCI Compliant (and using the right point of sale)