[Owasp-board] Fwd: [PCI and Data Security Compliance] Comment: "Web application security survey"

Andrew van der Stock vanderaj at owasp.org
Wed Nov 8 04:56:38 UTC 2006


Hi there,

Should we do this? I think the answer is most definitely yes.

thanks,
Andrew

Begin forwarded message:

> From: "Michael Dahn" <mike.dahn at volubis.com>
> Date: 8 November 2006 3:43:38 PM
> To: <vanderaj at owasp.org>
> Subject: RE: [PCI and Data Security Compliance] Comment: "Web application security survey"
>
> Hi Andrew,
>
> I've worked in the PCI space for a while as an assessor and for the last
> year with Visa training the assessors globally.
>
> If there's anything I can do to get the updated list into the next version
> of the PCI SAQ please let me know.  I'd also like to know if you have an
> interest in speaking at a PCI conference next year in San Francisco.
>
> Thanks,
> -Mike
>
> Michael Dahn
> Volubis, Inc.
> 415-420-4331 cell
> 415-738-4916 office
> 814-680-5174 e-fax
>
>
> -----Original Message-----
>
> Comment:
> Hi there,
>
> Thanks for taking the time out to discuss this very important question. We
> would love to work more closely with PCI folks, from peer review of their
> proposed standards, to peer reviewing updated materials they have previously
> adopted from us.
>
> On this particular point, OWASP believe that automated scanning tools can be
> very useful to reduce the amount of work done by a professional reviewer,
> but they are not a replacement for a professional reviewer. Therefore, I am
> glad that item 6.6 is in the SAP.
>
> We are revising the OWASP Top 10 right now. The Top 10 2007 will be in this
> year's SANS Top 20 as item C1. We'd really like it if PCI SAP folks and
> indeed anyone who wants to be a peer reviewer of the OWASP Top 10 2007
> contact me (vanderaj @ owasp.org) or Jeff Williams (jeff.williams @
> owasp.org) as a matter of some urgency. We want to pump it out by January.
>
> thanks,
> Andrew
>
>
>
