PHP and MySQL
WestHost PCI Compliance Tool
A common type of support request for any web host involves PCI Compliance, the Payment Card Industry's requirements that help ensure all companies processing, storing and transmitting credit card information maintain a secure environment. All web hosting clients that process credit card transactions online are required to submit a passing scan from an Approved Scanning Vendor (ASV) every 90 days. Unfortunately, these vendors do not conduct a thorough check for security vulnerabilities but simply look at software version numbers. As a result, web hosting clients routinely receive failing PCI Compliance scans even though their web site and the WestHost servers meet PCI security requirements. This requires support technicians to manually analyze many PCI Compliance scan reports to determine whether each of the dozens of reported vulnerabilities is a legitimate concern or a false positive; crafting an accurate, detailed response to one of these support tickets often takes an hour or more.
In July 2009, I developed a tool to automate responses to PCI Compliance-related issues. Written in PHP, my web-based application allows technicians to simply upload an ASV scan report (as text or as a PDF file), and an appropriate response to the client is generated in seconds. The scan reports contain Common Vulnerabilities and Exposures (CVE) Identifiers, which are extracted and looked up in a MySQL database to retrieve the relevant explanations/resolutions for each vulnerability.
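The extract-and-look-up flow described above, as an added example rather than the WestHost tool's own code: CVE identifiers are pulled out of the report text with a regular expression, looked up in MySQL with a single prepared statement (bound parameters, so report contents never become SQL), and turned into a reply that flags unknown CVEs for manual review. The `cve_responses` table, its columns, the connection details and the sample CVE numbers are all assumptions.

```php
<?php
// Example code (not the original tool). Assumed schema:
// cve_responses(cve_id VARCHAR, explanation TEXT, resolution TEXT)

// Unique CVE identifiers in order of first appearance (CVE-YYYY-NNNN, 4+ digits).
function extractCveIds(string $reportText): array
{
    preg_match_all('/\bCVE-\d{4}-\d{4,}\b/i', $reportText, $matches);
    return array_values(array_unique(array_map('strtoupper', $matches[0])));
}

// Fetch explanations for all IDs at once; one ? placeholder per ID, values bound.
function lookupCves(PDO $db, array $cveIds): array
{
    if ($cveIds === []) {
        return [];
    }
    $placeholders = implode(',', array_fill(0, count($cveIds), '?'));
    $stmt = $db->prepare(
        "SELECT cve_id, explanation, resolution FROM cve_responses WHERE cve_id IN ($placeholders)"
    );
    $stmt->execute($cveIds);
    $known = [];
    foreach ($stmt->fetchAll(PDO::FETCH_ASSOC) as $row) {
        $known[strtoupper($row['cve_id'])] = $row;
    }
    return $known;
}

// Reply text for the client; CVEs missing from the database still need a technician.
function buildResponse(array $cveIds, array $known): string
{
    $lines = [];
    foreach ($cveIds as $id) {
        $lines[] = isset($known[$id])
            ? "$id: {$known[$id]['explanation']} Resolution: {$known[$id]['resolution']}"
            : "$id: no database entry; requires manual analysis.";
    }
    return implode("\n", $lines);
}

// Usage with a constructed report snippet (a PDF upload would first be converted to text).
// Connection details are placeholders.
$db = new PDO('mysql:host=localhost;dbname=pci', 'pci_user', 'CHANGE_ME',
    [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$report = "Port 22: OpenSSH (CVE-2009-0001)\nPort 80: Apache (cve-2009-0002, CVE-2009-0001)\n";
$ids = extractCveIds($report);              // ['CVE-2009-0001', 'CVE-2009-0002']
echo buildResponse($ids, lookupCves($db, $ids)), "\n";
```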