[Owasp-pci-project] PCI 6.6
Daniel Herrera
daherrera101 at yahoo.com
Mon Jun 29 13:51:19 EDT 2009
Almost every social networking application is a perfect example of functionality minus security.
--- On Fri, 6/26/09, McGovern, James F (HTSC, IT) <James.McGovern at thehartford.com> wrote:
From: McGovern, James F (HTSC, IT) <James.McGovern at thehartford.com>
Subject: Re: [Owasp-pci-project] PCI 6.6
To: owasp-pci-project at lists.owasp.org
Date: Friday, June 26, 2009, 7:37 AM
Yes, one is about heads, the other is about tails. They are about the
same coin. Curious to know if other examples of well-written but
otherwise insecure examples exist in the wild. Folks need more than just
WebGoat.
-----Original Message-----
From: Brad Andrews [mailto:andrews at rbacomm.com]
Sent: Thursday, June 25, 2009 10:22 PM
To: McGovern, James F (HTSC, IT); owasp-pci-project at lists.owasp.org
Subject: Re: [Owasp-pci-project] PCI 6.6
I can't go into details, but I would strongly dispute the assertion that
software quality and security are necessarily the same thing, at least
in the eyes of most in business. I do agree with it in principle, but
security is usually focused on misuse while most companies are focused
instead on proper use. Those are two very different things!
--------------------------------
Brad Andrews
andrews at rbacomm.com
CSSLP, GSEC, GCIH, GCFW, GPCI
--------------------------------------------------
From: "McGovern, James F (HTSC, IT)" <James.McGovern at thehartford.com>
Sent: Thursday, June 04, 2009 9:28 AM
To: <owasp-pci-project at lists.owasp.org>
Subject: [Owasp-pci-project] PCI 6.6
> Other than WebGoat, has anyone ever run across an insecure but
> otherwise well-performing application that was written within a large
> enterprise (note I left off shops who develop software as their sole
> mission)?
> Security and quality are somewhat two sides of the same coin and it
> isn't difficult to find business people who think that the
> performance or other quality attributes of their IT systems suck.