[Global_education_committee] PCI PA-DSS and PABP Training and "OWASP" Certification

Christian Heinrich christian.heinrich at owasp.org
Fri Jun 10 03:25:20 EDT 2011


Martin et al,

Can the GEC please endorse or alternate recommendations for the proposed
educational deliverables of OWASP PCI Project below?

-----Original Message-----
From: Christian Heinrich [mailto:christian.heinrich at owasp.org] 
Sent: Thursday, 19 May 2011 6:18 AM
To: global_education_committee at lists.owasp.org
Subject: Fwd: PCI PA-DSS and PABP Training and "OWASP" Certification

Martin et al,

I am not sure if the GEC would like to assist in developing an alternative
to http://www.sans.org/visatop10/ which is endorsed by
http://usa.visa.com/merchants/risk_management/cisp_payment_applications.html
?ep=v_sym_pabp#anchor_4

If so, I would like to forward this to the GIC for their consideration of
the relationship to SANS and VISA?

Also, should a deliverable be developed for
http://usa.visa.com/merchants/risk_management/cisp_payment_applications.html
considering that PABP has been deprecated by Visa for PA-DSS?

I would also like to acknowledge the PCI related deliverables
https://www.owasp.org/index.php/Category:OWASP_CBT_Project have had a
preliminary review performed by me i.e. due to impending travel.

---------- Forwarded message ----------
From: Christian Heinrich <christian.heinrich at owasp.org>
Date: Thu, May 19, 2011 at 5:58 AM
Subject: Re: Draft Project Plan - May 2011
To: Owasp-pci-project at lists.owasp.org


FYI, these releases of the draft project plan have been archived at
https://github.com/cmlh/OWASP_PCI

On Thu, May 12, 2011 at 1:36 PM, Christian Heinrich
<christian.heinrich at owasp.org> wrote:
> I have uploaded a revised Project Plan to 
> https://files.me.com/cmlh/4hbutu (link valid for 30 days) with the 
> following amendments:
>
> 1. 3-D Secure will be an independent OWASP Project from this OWASP
> (PCI) Project.
> 2. Visa have formed a relationship with SANS related to PA-DSS 
> Training i.e. http://www.sans.org/visatop10/
>
> If there are no further comments, suggestions, flames, etc then I will 
> commence the negotiations with resources listed after AusCERT 2011 
> i.e. from 17 May hence why I haven't included other OWASP Mailing 
> Lists yet.
>
> On Mon, Apr 25, 2011 at 7:50 PM, Christian Heinrich 
> <christian.heinrich at owasp.org> wrote:
>> ... and 3DSecure possibly encapsulated under PCI-DSS?
>>
>> On Mon, Apr 25, 2011 at 7:47 PM, Christian Heinrich 
>> <christian.heinrich at owasp.org> wrote:
>>> Another task would be PBAP which could be encapsulated under PA-DSS
>>>
>>> On Sun, Apr 24, 2011 at 10:17 AM, Christian Heinrich 
>>> <christian.heinrich at owasp.org> wrote:
>>>> I have uploaded the draft project plan to 
>>>> https://files.me.com/cmlh/7ase5d (link valid for 30 days) based on 
>>>> our thread from March i.e.
>>>> https://lists.owasp.org/pipermail/owasp-pci-project/2011-March/thre
>>>> ad.html
>>>>
>>>> To view the .pod requires http://openproj.org/ and I have also 
>>>> included a screenshot within the .tar.gz also.
>>>>
>>>> Background information on the notes within the .pod is available 
>>>> from
https://lists.owasp.org/pipermail/owasp-pci-project/2011-March/thread.html.
>>>>
>>>> Please note that while the dates for the PCI SCC Community Meeting 
>>>> are correct the effort of each task has not been estimated so the 
>>>> value of
>>>> "1 Day" will be incorrect.
>>>>
>>>> I have also attempted to document the various interactions with 
>>>> other OWASP Committees, the PCI SSC and a PA-QSA.
>>>>
>>>> Please let me know if there are any errors, tasks which I may have 
>>>> unintentionally left out, etc?
>>>>
>>>> Also, please expect a delay in my reply until 11 May as I will be 
>>>> travelling i.e. http://www.dopplr.com/traveller/cmlh and I intent 
>>>> to commence the negotiations with resources listed after AusCERT 
>>>> 2011 i.e. from 17 May hence why I haven't included other OWASP 
>>>> Mailing Lists yet.

--
Regards,
Christian Heinrich
http://www.owasp.org/index.php/user:cmlh



More information about the Global_education_committee mailing list