[Global_education_committee] PCI PA-DSS and PABP Training and "OWASP" Certification
christian.heinrich at owasp.org
Fri Jun 10 03:25:20 EDT 2011
Martin et al,
Can the GEC please endorse or alternate recommendations for the proposed
educational deliverables of OWASP PCI Project below?
From: Christian Heinrich [mailto:christian.heinrich at owasp.org]
Sent: Thursday, 19 May 2011 6:18 AM
To: global_education_committee at lists.owasp.org
Subject: Fwd: PCI PA-DSS and PABP Training and "OWASP" Certification
Martin et al,
I am not sure if the GEC would like to assist in developing an alternative
to http://www.sans.org/visatop10/ which is endorsed by
If so, I would like to forward this to the GIC for their consideration of
the relationship to SANS and VISA?
Also, should a deliverable be developed for
considering that PABP has been deprecated by Visa for PA-DSS?
I would also like to acknowledge the PCI related deliverables
https://www.owasp.org/index.php/Category:OWASP_CBT_Project have had a
preliminary review performed by me i.e. due to impending travel.
---------- Forwarded message ----------
From: Christian Heinrich <christian.heinrich at owasp.org>
Date: Thu, May 19, 2011 at 5:58 AM
Subject: Re: Draft Project Plan - May 2011
To: Owasp-pci-project at lists.owasp.org
FYI, these releases of the draft project plan have been archived at
On Thu, May 12, 2011 at 1:36 PM, Christian Heinrich
<christian.heinrich at owasp.org> wrote:
> I have uploaded a revised Project Plan to
> https://files.me.com/cmlh/4hbutu (link valid for 30 days) with the
> following amendments:
> 1. 3-D Secure will be an independent OWASP Project from this OWASP
> (PCI) Project.
> 2. Visa have formed a relationship with SANS related to PA-DSS
> Training i.e. http://www.sans.org/visatop10/
> If there are no further comments, suggestions, flames, etc then I will
> commence the negotiations with resources listed after AusCERT 2011
> i.e. from 17 May hence why I haven't included other OWASP Mailing
> Lists yet.
> On Mon, Apr 25, 2011 at 7:50 PM, Christian Heinrich
> <christian.heinrich at owasp.org> wrote:
>> ... and 3DSecure possibly encapsulated under PCI-DSS?
>> On Mon, Apr 25, 2011 at 7:47 PM, Christian Heinrich
>> <christian.heinrich at owasp.org> wrote:
>>> Another task would be PBAP which could be encapsulated under PA-DSS
>>> On Sun, Apr 24, 2011 at 10:17 AM, Christian Heinrich
>>> <christian.heinrich at owasp.org> wrote:
>>>> I have uploaded the draft project plan to
>>>> https://files.me.com/cmlh/7ase5d (link valid for 30 days) based on
>>>> our thread from March i.e.
>>>> To view the .pod requires http://openproj.org/ and I have also
>>>> included a screenshot within the .tar.gz also.
>>>> Background information on the notes within the .pod is available
>>>> Please note that while the dates for the PCI SCC Community Meeting
>>>> are correct the effort of each task has not been estimated so the
>>>> value of
>>>> "1 Day" will be incorrect.
>>>> I have also attempted to document the various interactions with
>>>> other OWASP Committees, the PCI SSC and a PA-QSA.
>>>> Please let me know if there are any errors, tasks which I may have
>>>> unintentionally left out, etc?
>>>> Also, please expect a delay in my reply until 11 May as I will be
>>>> travelling i.e. http://www.dopplr.com/traveller/cmlh and I intent
>>>> to commence the negotiations with resources listed after AusCERT
>>>> 2011 i.e. from 17 May hence why I haven't included other OWASP
>>>> Mailing Lists yet.
More information about the Global_education_committee