SecurityMetrics/PCI Compliance
Does anyone have experience with PCI compliance for Drupal sites? I manage a Dreamhost Drupal site for a client that demands PCI compliance and I've hit a snag I need help with.
We've been passing SecurityMetrics scans consistently for several months. Suddenly, the scan is failing with dozens of issues that begin like, "Title: command injection in form_id parameter ..."
Can anyone help me figure out what this means? Is this something I can fix?
Many thanks!
Achieving PCI Compliance (SecurityMetrics.com)
Does anyone in the group have any experience achieving PCI Compliance with, e.g., SecurityMetrics.com? In my case, I could save the client a ton of money by solving this.
The SecurityMetrics.com test is complaining about the Apache ETag. Can we somehow use .htaccess to change the ETag values?
Is there a best practice for this kind of thing?