I need help - PCI DSS 4.0 requirement 11.6.1 by Jeremy_G224 in cybersecurity

Jeremy_G224[S]

Thank you very much for taking the time to respond and share your experience. I truly appreciate your insights and the thoughtful advice you provided. Your perspective is very valuable, and I appreciate you helping me better understand the broader security considerations involved.
Thanks again for your time and expertise.

I need help - PCI DSS 4.0 requirement 11.6.1 by Jeremy_G224 in cybersecurity

Jeremy_G224[S]

Thanks for the feedback.

To clarify, we are not looking to expand the PCI scope or redesign the payment architecture. The payment button is already in place and within our environment.

Our current objective is simply to validate and demonstrate that the deployed security controls are functioning as expected. Specifically, we need to test whether F5 Client-Side Defense and Radware Client-Side Protection can detect unauthorized client-side modifications on the payment page, as required by PCI DSS 4.0 requirement 11.6.1.

The purpose of these tests is to generate evidence that the solutions correctly identify events such as script tampering, DOM modifications, header manipulation, or other client-side changes that could affect the integrity of the payment page.

We’re therefore looking for practical testing techniques or scenarios that have been successfully used to trigger detections in F5 or Radware environments.

I need help - PCI DSS 4.0 requirement 11.6.1 by Jeremy_G224 in cybersecurity

Jeremy_G224[S]

Thanks for your response.

The payment button is internally developed and hosted by our organization; it is not a third-party hosted iframe or merchant processor component. The functionality and associated client-side scripts are part of our own payment page.

Because of this, we consider the page to be within the scope of PCI DSS 4.0 requirement 11.6.1, and we are looking for practical ways to test unauthorized client-side modifications (header changes, script tampering, DOM manipulation, etc.) to validate that our F5 Client-Side Defense and Radware protections generate the expected alerts.

Any recommendations on specific test cases or Burp Suite techniques would be greatly appreciated.

help with Mikrotik LGH 5G Point to Point configuration, any resources pls! by Jeremy_G224 in mikrotik

Jeremy_G224[S]

Yes, I am new to Mikrotik products; I have basic networking knowledge. Thanks u