[Owasp-pci-project] Proposed Roadmap - Mar 2011
Anton Chuvakin
anton at chuvakin.org
Sun Mar 20 20:31:09 EDT 2011
> PCI-DSS
> 1. Create a deliverable (e.g. wiki page) which provides generic
> guidance on PCI-DSS Section 6.5 which has two statements on achieving
> (1) "conformance" with WAF and reference
> http://projects.webappsec.org/w/page/13246985/Web-Application-Firewall-Evaluation-Criteria
> (2) "security" by remediating the source code, build, etc. This
> should reference OpenSAMM, ESAPI, Microsoft SDL, etc
Maybe also: create a quick training for PCI QSAs (based on above
guidance) to build up their knowledge around 6.x. The world has,
sadly, *some* appsec-ignorant QSAs...
--
Dr. Anton Chuvakin
Site: http://www.chuvakin.org
Blog: http://www.securitywarrior.org
LinkedIn: http://www.linkedin.com/in/chuvakin
Consulting: http://www.securitywarriorconsulting.com
Twitter: @anton_chuvakin
Google Voice: +1-510-771-7106