[Owasp-board] Fwd: [PCI and Data Security Compliance] Comment: "Webapplication security survey"

Jeff Williams jeff.williams at owasp.org
Thu Nov 9 00:57:29 UTC 2006






From: owasp-board-bounces at lists.owasp.org
[mailto:owasp-board-bounces at lists.owasp.org] On Behalf Of Andrew van der
Sent: Tuesday, November 07, 2006 11:57 PM
To: owasp-board at lists.owasp.org
Subject: [Owasp-board] Fwd: [PCI and Data Security Compliance] Comment:
"Webapplication security survey"


Hi there,


Should we do this? I think the answer is most definitely yes





Begin forwarded message:

From: "Michael Dahn" <mike.dahn at volubis.com>

Date: 8 November 2006 3:43:38 PM

To: <vanderaj at owasp.org>

Subject: RE: [PCI and Data Security Compliance] Comment: "Web application
security survey"


Hi Andrew,


I've worked in the PCI space for a while as an assessor and for the last

year with Visa training the assessors globally.


If there's anything I can do to get the updated list into the next version

of the PCI SAQ please let me know. I'd also like to know if you have an

interest in speaking at a PCI conference next year in San Francisco.





Michael Dahn

Volubis, Inc.

415-420-4331 cell

415-738-4916 office

814-680-5174 e-fax



-----Original Message-----



Hi there,


Thanks for taking the time out to discuss this very important question. We

would love to work more closely with PCI folks, from peer review of their

proposed standards, to peer reviewing updated materials they have previously

adopted from us. 


On this particular point, OWASP believe that automated scanning tools can be

very useful to reduce the amount of work done by a professional reviewer,

but they are not a replacement for a professional reviewer. Therefore, I am

glad that item 6.6 is in the SAP. 


We are revising the OWASP Top 10 right now. The Top 10 2007 will be in this

year's SANS Top 20 as item C1. We'd really like it if PCI SAP folks and

indeed anyone who wants to be a peer reviewer of the OWASP Top 10 2007

contact me (vanderaj @ owasp.org) or Jeff Williams (jeff.williams @

owasp.org) as a matter of some urgency. We want to pump it out by January. 








-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20061108/555a9cf4/attachment-0002.html>

More information about the Owasp-board mailing list