{"id":4015,"date":"2014-03-25T08:50:00","date_gmt":"2014-03-25T07:50:00","guid":{"rendered":"http:\/\/10.0.1.197\/?p=4015"},"modified":"2024-08-09T08:56:22","modified_gmt":"2024-08-09T06:56:22","slug":"interpretation-of-pci-dss-standard-from-ctrip-security-incident","status":"publish","type":"post","link":"http:\/\/192.168.0.78\/interpretation-of-pci-dss-standard-from-ctrip-security-incident\/","title":{"rendered":"Interpreting the PCI DSS Standard in Light of the \u201cCtrip\u201d Security Incident"},"content":{"rendered":"\n

On March 22, 2014, the Woo Yun vulnerability platform published a security vulnerability affecting the Ctrip travel site, titled \u201cCtrip secure-payment logs can be enumerated and downloaded, leaking a large amount of users' bank card information (including cardholder name and ID number, bank card number, card CVV code, and 6-digit card BIN)\u201d. Because the vulnerability has prompted many PCI-related discussions in the industry, atsec, as a Qualified Security Assessor (QSA) company authorized by the PCI Security Standards Council, provides an official explanation here to clarify interpretations of the standard that the incident has made prone to misunderstanding.<\/p>\n\n\n\n

1. Is storing CVV2 permitted?
CVV2 is an important data element for obtaining transaction authorization. In the PCI DSS standard, data such as CVV2\/CVC2, PINs and magnetic stripe information are called sensitive authentication data (SAD). The original text of PCI DSS Requirement 3.2 is as follows:
3.2 Do not store sensitive authentication data after authorization (even if encrypted). If sensitive authentication data is received, render all data unrecoverable upon completion of the authorization process.<\/em>
The correct interpretation of the standard is: sensitive authentication data (SAD) must not be stored after authorization is complete (issuers and issuer processors excepted), and this is absolutely prohibited even if the data is encrypted. This requirement is one of the more than 300 security requirements under the 6 categories and 12 requirements of PCI DSS, and it is an important baseline requirement of the standard.<\/p>\n\n\n\n

The industry is also discussing whether storage is allowed before the transaction is authorized. In theory this depends on the security program requirements of each payment brand. During a project, the QSA company and its assessors usually walk through the business processes and discuss and confirm this in depth with the assessed entity. In general, temporary storage of sensitive authentication data before authorization must be protected above the existing PCI requirements; the QSA must at least check the implementation of strong cryptographic algorithms and the processes and technical measures for key management.<\/p>\n\n\n\n

Therefore, the risks arising from a security vulnerability should in theory not include leakage of sensitive authentication data, because storing such data is prohibited by the standard and by industry requirements. The industry discussed this point extensively, and proposed solutions, many years ago. The information from the PCI Security Standards Council is as follows:
As for sensitive authentication data, such as the contents of the magnetic stripe and the security code, the Council added this:<\/em>
With respect to SAD, PCI DSS Requirement 3.2 prohibits storage of SAD AFTER authorization, even if encrypted. Whether SAD is permitted to be stored prior to authorization is determined by the individual payment brands, including any related usage and protection requirements. Any permitted storage of SAD prior to authorization would be subject to strict conditions and controls above those defined in the PCI DSS. Additionally, several payment brands have very specific rules that prohibit any storage of SAD and do not make any exceptions. To determine payment brand requirements, please contact the individual payment brands directly.<\/em>
From the perspective of PCI DSS, easily overlooked locations (such as log files, temporary files and debug files), and debugging output in particular, are often missed; this is also a focus of atsec's QSA assessments and an area where problems are readily found.<\/p>\n\n\n\n

In addition, the PCI requirements are the same during the so-called \u201cpre-authorization\u201d process; the requirements do not change or differ. See the formal statement published by the PCI Security Standards Council in 2012:
PCI DSS applies wherever cardholder data (CHD) and\/or sensitive authentication data (SAD) is stored, processed or transmitted, irrespective of whether it is pre-authorization or post-authorization. There are no specific rules in PCI DSS regarding how long CHD or SAD can be stored prior to authorization, but such data must be protected according to PCI DSS while being stored, processed or transmitted.<\/em><\/p>\n\n\n\n

2. Encryption requirements for cardholder data transmission
One article stated: \u201cPCI consultant James Huguelet points out that the biggest security problem with the PCI standard is that, although it requires encryption of data at rest, it does not require companies to encrypt data in transit; that is, throughout the entire transaction chain, data is not required to be encrypted.\u201d This expert's comment is undoubtedly wrong.<\/p>\n\n\n\n

PCI DSS data protection is divided into protection of stored data and encryption of transmission. The requirements in section 4 of PCI DSS all concern encrypting cardholder data transmitted over open, public networks (including but not limited to the Internet, wireless, GSM and GPRS), and strong cryptography is mandatory.<\/p>\n\n\n\n

On transmission encryption, part of the original text of the standard reads:
4.1 Use strong cryptography and security protocols (for example, SSL\/TLS, IPSEC, SSH, etc.) to safeguard sensitive cardholder data during transmission over open, public networks.<\/em>
In addition to reviewing evidence and conducting interviews, atsec usually also has an external Approved Scanning Vendor (ASV) perform scans for further verification (see PCI DSS Requirement 11.2).<\/p>\n\n\n\n

3. The directory traversal vulnerability
The directory traversal vulnerability mentioned in the incident is one of the OWASP Top 10 vulnerabilities. Requirement 6.5.8 of the previous version of the standard, PCI DSS v2.0, already explicitly required that this vulnerability be eliminated. In addition, PCI DSS requires that, across the software life cycle, at the code review stage before a payment application goes live (Requirement 6.3.2), at the security testing stage (Requirement 6.4.5.3) and at the periodic security review stage after go-live (Requirement 6.6), measures such as effective code review, security testing before the payment application goes live, and periodic code review after go-live or deployment of mechanisms that detect and block attacks against web applications ensure that the payment application contains no OWASP Top 10 vulnerabilities. The original text of the standard reads:
6.5.8 Improper Access Control (such as insecure direct object references, failure to restrict URL access, and directory traversal)<\/em><\/p>\n\n\n\n

4. Does being listed in the United States mean a company is PCI DSS compliant by default?
This is inaccurate. PCI DSS became, many years ago, a mandatory requirement for new merchants, service providers, acquirers and issuers handling payment-related business; at present there is no clear evidence that PCI DSS compliance is a mandatory requirement imposed by stock-listing regulators.<\/p>\n\n\n\n

PCI DSS compliance is usually driven by the requirements of card brands, acquirers (such as banks) and payment partners and customers. A growing number of organizations are also pursuing PCI compliance programs and security compliance assessments out of concern for their own data security.<\/p>\n\n\n\n

See atsec's official list of PCI QSA compliance assessments<\/a><\/p>\n\n\n\n

5. Data breaches and PFI
In the security industry, many organizations and vendors accept vulnerabilities reported by security experts or discover them on their own. The essential difference from an attacker exploiting a vulnerability is that a vulnerability is published in order to get it fixed and to resolve the information security problem. Vulnerabilities may therefore exist as an objective fact, and the time window between publication of a vulnerability and its remediation becomes especially important, so that the likelihood of attackers exploiting it to cause a data breach, and the associated risk, is kept to a minimum.
Publication of a vulnerability does not in itself mean that a data breach has occurred. In the international PCI industry, after a suspected data breach, a PCI Forensic Investigator (PFI) authorized by the PCI Security Standards Council is usually engaged to carry out a post-incident forensic investigation, determine the cause of the incident, and recommend improvements to information security.<\/p>\n\n\n\n

The PCI Data Security Standard has a three-year life cycle. Within each three-year cycle, industry experts worldwide work on discussing and drafting the new standard so that it meets the latest security developments. In addition, dedicated Special Interest Groups (SIGs) are set up for issues in individual areas; they develop and maintain specific security guidance on topics such as encryption, EMV, mobile payments, cloud computing, penetration testing and security awareness training. The PCI requirements cover everything from policies, procedures and personnel requirements to network security, system hardening, the application development process, secure coding, secure storage and transmission of data, physical security, security testing and vulnerability management. Committing to PCI compliance and sustaining it over the long term is the foundation for the healthy and stable growth of a payment-related organization's business, and a best practice for protecting cardholders' data.<\/p>\n\n\n\n

References:
[1] WooYun.org:
http:\/\/www.wooyun.org\/bugs\/wooyun-2010-054302<\/a>
[2] PCI SSC official website:
https:\/\/www.pcisecuritystandards.org\/<\/a>
[3] atsec official website:
http:\/\/www.atsec.cn\/<\/a>
[4] Ctrip payment security statement:
http:\/\/pages.ctrip.com\/commerce\/promote\/201403\/other\/xf\/index.html<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

On March 22, 2014, the Woo Yun vulnerability platform published a security vulnerability affecting the Ctrip travel site, titled \u201cCtrip secure-payment logs can […]<\/p>\n","protected":false},"author":6,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":""},"categories":[11],"tags":[],"_links":{"self":[{"href":"http:\/\/192.168.0.78\/wp-json\/wp\/v2\/posts\/4015"}],"collection":[{"href":"http:\/\/192.168.0.78\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/192.168.0.78\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/192.168.0.78\/wp-json\/wp\/v2\/users\/6"}],"replies":[{"embeddable":true,"href":"http:\/\/192.168.0.78\/wp-json\/wp\/v2\/comments?post=4015"}],"version-history":[{"count":1,"href":"http:\/\/192.168.0.78\/wp-json\/wp\/v2\/posts\/4015\/revisions"}],"predecessor-version":[{"id":4018,"href":"http:\/\/192.168.0.78\/wp-json\/wp\/v2\/posts\/4015\/revisions\/4018"}],"wp:attachment":[{"href":"http:\/\/192.168.0.78\/wp-json\/wp\/v2\/media?parent=4015"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/192.168.0.78\/wp-json\/wp\/v2\/categories?post=4015"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/192.168.0.78\/wp-json\/wp\/v2\/tags?post=4015"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}