top of page

Services
About Us
Blog

Services
About Us
Blog
Contact Us

Blog

News and articles from nabu

-

Penetration Testing: Beyond Automation

PCI DSS V4.x Requirement 11.4: Manual vs. Automated Penetration Testing (PT) PCI-assessed organizations (such as payment providers or merchants) often ask what role AI-based/automated tools should play in Penetration Testing. Put more bluntly: if these tools can perform tests, is there still a need for a human expert to conduct them? This article explores why, according to the PCI DSS, the "human mastermind" remains irreplaceable. The Hybrid Approach: Tools vs. Expertise According to the...

Penetration Testing: Beyond Automation

Penetration Testing: Beyond Automation

Mar 11

Penetration Testing for PCI and automation

Penetration Testing for PCI and automation

ASV Scans of Mobile Application

Jul 30, 2025

iPhone or Android applications and ASV scan

iPhone or Android applications and ASV scan

Whitelisting an ASV Scanner IP in WAF for PCI DSS Compliance

Apr 21, 2025

Whitelisting an ASV Scanner IP in WAF for PCI DSS Compliance

Whitelisting an ASV Scanner IP in WAF for PCI DSS Compliance

Setting up HSTS in Cloudflare

Apr 20, 2025

HSTS in Cloudflare

HSTS in Cloudflare

All PostsCybersecurityCompliancePrivacy

Penetration Testing: Beyond Automation

-

Penetration Testing: Beyond Automation

Penetration Testing: Beyond Automation

ASV Scans of Mobile Application

-

ASV Scans of Mobile Application

ASV Scans of Mobile Application

Whitelisting an ASV Scanner IP in WAF for PCI DSS Compliance

-

Whitelisting an ASV Scanner IP in WAF for PCI DSS Compliance

Whitelisting an ASV Scanner IP in WAF for PCI DSS Compliance

Setting up HSTS in Cloudflare

-

Setting up HSTS in Cloudflare

Setting up HSTS in Cloudflare

HSTS (HTTP Strict Transport Security) and PCI DSS approved scans

-

HSTS (HTTP Strict Transport Security) and PCI DSS approved scans

HSTS (HTTP Strict Transport Security) and PCI DSS approved scans

Understanding Requirement 11.3.2 and the Need for ASV Scans for E-Commerce Merchants

-

Understanding Requirement 11.3.2 and the Need for ASV Scans for E-Commerce Merchants

Understanding Requirement 11.3.2 and the Need for ASV Scans for E-Commerce Merchants

Targeted Risk Analysis in PCI DSS: Understanding Requirement 12.3.2

-

Targeted Risk Analysis in PCI DSS: Understanding Requirement 12.3.2

Targeted Risk Analysis in PCI DSS: Understanding Requirement 12.3.2

Key Encryption in AWS HSM and PCI DSS Compliance (Requirement 3)

-

Key Encryption in AWS HSM and PCI DSS Compliance (Requirement 3)

Key Encryption in AWS HSM and PCI DSS Compliance (Requirement 3)

No Results Found...

All Posts
Cybersecurity
Compliance
Privacy

Penetration Testing for PCI and automation

Penetration Testing for PCI and automation

Penetration Testing: Beyond Automation

PCI DSS V4.x Requirement 11.4: Manual vs. Automated Penetration Testing (PT) PCI-assessed organizations (such as payment providers or merchants) often ask what role AI-based/automated tools should play in Penetration Testing. Put more bluntly: if these tools can perform tests, is there still a need for a human expert to conduct them? This article explores why, according to the PCI DSS, the "human mastermind" remains irreplaceable. The Hybrid Approach: Tools vs. Expertise Ac

Mar 112 min read

iPhone or Android applications and ASV scan

iPhone or Android applications and ASV scan

ASV Scans of Mobile Application

ASV scanning (PCI DSS Requirement 11.3.2) is also needed for mobile applications: “All publicly accessible applications — including...

Jul 30, 20251 min read

Whitelisting an ASV Scanner IP in WAF for PCI DSS Compliance

Whitelisting an ASV Scanner IP in WAF for PCI DSS Compliance

Whitelisting an ASV Scanner IP in WAF for PCI DSS Compliance

Organizations handling cardholder data must comply with PCI DSS (Payment Card Industry Data Security Standard) , which mandates regular...

Apr 21, 20252 min read

HSTS in Cloudflare

HSTS in Cloudflare

Setting up HSTS in Cloudflare

One of the more common vulnerabilities found during ASV scan is the lack of HSTS (HTTP Strict Transport Security) . This is not...

Apr 20, 20251 min read

HSTS (HTTP Strict Transport Security) and PCI DSS approved scans

HSTS (HTTP Strict Transport Security) and PCI DSS approved scans

HSTS (HTTP Strict Transport Security) and PCI DSS approved scans

Definition: HSTS (HTTP Strict Transport Security) is a web security policy mechanism that helps websites enforce secure connections by...

Mar 31, 20253 min read

Understanding Requirement 11.3.2 and the Need for ASV Scans for E-Commerce Merchants

Understanding Requirement 11.3.2 and the Need for ASV Scans for E-Commerce Merchants

Understanding Requirement 11.3.2 and the Need for ASV Scans for E-Commerce Merchants

As part of the PCI DSS v4.0.1 requirements, Requirement 11.3.2 mandates that e-commerce merchants regularly perform Approved Scanning...

Dec 23, 20243 min read

Targeted Risk Analysis in PCI DSS: Understanding Requirement 12.3.2

Targeted Risk Analysis in PCI DSS: Understanding Requirement 12.3.2

Targeted Risk Analysis in PCI DSS: Understanding Requirement 12.3.2

In the context of PCI DSS (Payment Card Industry Data Security Standard) , Requirement 12.3.2 introduces the concept of a targeted risk...

Dec 23, 20244 min read

Key Encryption in AWS HSM and PCI DSS Compliance (Requirement 3)

Key Encryption in AWS HSM and PCI DSS Compliance (Requirement 3)

Key Encryption in AWS HSM and PCI DSS Compliance (Requirement 3)

In today's digital landscape, the protection of sensitive data is crucial, especially in the payment card industry. AWS Hardware Security...

Dec 23, 20244 min read

Cybersecurity

Compliance

Privacy

Subscribe Today

Sign up to get the latest news and articles from nabu.

Enter your email*

The Netherlands

+31 (0)6 1306 0469

Israel

+972 (0)52 341 6234

Services
About Us
Blog
Contact Us

Privacy Policy
Terms and Conditions

© 2025 nabu. All Rights Reserved.

Website Created by SKS Creative.

Services
About Us
Blog

bottom of page