John Watson

Hello! My name is Watson and I’m a freelance web developer. I create web sites using the latest tech for clients both huge and small. Rent my brain and I’ll help you build your dream project.

How to fix PCI compliance issues

Have you gotten an email from your PCI DSS security scanning vendor saying that you’ve failed your most recent vulnerability scan? And, oh, by the way, you’ve got a month to fix it to get back into compliance? Yikes!

The good news is that a lot of the failure notices are possibly false positives. That is, you’ve been flagged for things that don’t apply to you. That’s good because there’s nothing you need to do to fix it except let your scanning vendor know that it doesn’t apply and the vulnerability has been mitigated. More good news: fixing the real issues is usually pretty easy.

The bad news is that there’s no easy way to tell which ones are false positives and which ones are real; and there’s no easy way to tell what you have to do to fix each of the issues. Scanning reports have notices that read like word soup:

[Image: excerpt from a PCI scanning report] Yes, that's a real scanning report

If you have a dedicated IT staff, you should be able to give this report to them and they can go through the failures one by one, find out what caused the failure, and let you know your options. That process will involve some research (each of the CVE numbers represents a document describing the security vulnerability in detail) and cross-checking of the software installed on your server. Hopefully, they come back and say that they’re all false positives because you’ve already applied all of the relevant patches. In other cases, they may need to apply a security patch or update to your server which may require some downtime.
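One way to organize that cross-check, as an added Python example that is not from the original post: it parses findings written in the scanner's one-line format and compares each CVE id against the changelog of the installed distribution package, because distributions often backport a fix without changing the version string that a scanner keys on. The CVE ids, product names, ports and changelog text are all constructed placeholders, not real vulnerabilities or real hosts.

```python
import re

# Constructed sample findings in the "word soup" shape a scan report uses.
# The CVE ids below are placeholders, not real vulnerability identifiers.
SCAN_FINDINGS = """\
CVE-0000-0001 | 443/tcp | OpenSSL 1.0.1f | buffer over-read; fixed in 1.0.1g
CVE-0000-0002 | 80/tcp | Apache httpd 2.4.7 | request smuggling; fixed in 2.4.10
CVE-0000-0003 | 21/tcp | ProFTPD 1.3.5 | directory traversal; fixed in 1.3.5a
"""

# Constructed changelog excerpts for the packages installed on the host, in the
# style of a Debian/Ubuntu `apt changelog` listing (security entries name the CVE).
INSTALLED_CHANGELOGS = {
    "openssl": "openssl (1.0.1f-1ubuntu2.5) security\n  * SECURITY UPDATE: fix CVE-0000-0001\n",
    "apache2": "apache2 (2.4.7-1ubuntu4) release\n  * Initial packaging\n",
}

# Maps the product name a scanner prints to the package name on the host (assumed).
PRODUCT_TO_PACKAGE = {"OpenSSL": "openssl", "Apache httpd": "apache2", "ProFTPD": "proftpd"}

FALSE_POSITIVE = "false positive: fix already backported; send the changelog entry to the scanning vendor"
NEEDS_ACTION = "needs action: apply the security update, then rescan"
UNKNOWN = "no package record: verify the service on that port by hand"

# One finding per line: CVE | port | product version | description.
FINDING_RE = re.compile(r"^(CVE-\d{4}-\d{4,})\s*\|\s*(\S+)\s*\|\s*(.+?)\s+([\d.]+\w*)\s*\|\s*(.*)$")


def parse_findings(text):
    """Turn scanner lines into dicts; lines that do not match the format are skipped."""
    findings = []
    for line in text.splitlines():
        m = FINDING_RE.match(line.strip())
        if m:
            cve, port, product, version, note = m.groups()
            findings.append({"cve": cve, "port": port, "product": product,
                             "version": version, "note": note})
    return findings


def triage(finding, changelogs):
    """Classify one finding by checking the installed package's changelog for the CVE."""
    pkg = PRODUCT_TO_PACKAGE.get(finding["product"])
    if pkg is None or pkg not in changelogs:
        return UNKNOWN
    if finding["cve"] in changelogs[pkg]:
        return FALSE_POSITIVE
    return NEEDS_ACTION


def triage_report(text, changelogs):
    """Map each CVE in the report to its triage verdict."""
    return {f["cve"]: triage(f, changelogs) for f in parse_findings(text)}
```

A verdict of "false positive" is only evidence for the dispute you file with the scanning vendor; the changelog line is what they will want to see.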

If you don’t have an IT staff or you don’t know what to do… don’t panic. That’s why I wrote this! Contact me and together we’ll get you back into compliance in no time.
