[Owasp-board] Fwd: [PCI and Data Security Compliance] Comment: "Webapplication security survey"
jeff.williams at owasp.org
Thu Nov 9 00:57:29 UTC 2006
From: owasp-board-bounces at lists.owasp.org
[mailto:owasp-board-bounces at lists.owasp.org] On Behalf Of Andrew van der
Sent: Tuesday, November 07, 2006 11:57 PM
To: owasp-board at lists.owasp.org
Subject: [Owasp-board] Fwd: [PCI and Data Security Compliance] Comment:
"Webapplication security survey"
Should we do this? I think the answer is most definitely yes.
Begin forwarded message:
From: "Michael Dahn" <mike.dahn at volubis.com>
Date: 8 November 2006 3:43:38 PM
To: <vanderaj at owasp.org>
Subject: RE: [PCI and Data Security Compliance] Comment: "Web application
I've worked in the PCI space for a while as an assessor and for the last
year with Visa training the assessors globally.
If there's anything I can do to get the updated list into the next version
of the PCI SAQ please let me know. I'd also like to know if you have an
interest in speaking at a PCI conference next year in San Francisco.
Thanks for taking the time out to discuss this very important question. We
would love to work more closely with PCI folks, from peer review of their
proposed standards, to peer reviewing updated materials they have previously
adopted from us.
On this particular point, OWASP believe that automated scanning tools can be
very useful to reduce the amount of work done by a professional reviewer,
but they are not a replacement for a professional reviewer. Therefore, I am
glad that item 6.6 is in the SAP.
We are revising the OWASP Top 10 right now. The Top 10 2007 will be in this
year's SANS Top 20 as item C1. We'd really like it if PCI SAP folks and
indeed anyone who wants to be a peer reviewer of the OWASP Top 10 2007
contact me (vanderaj @ owasp.org) or Jeff Williams (jeff.williams @
owasp.org) as a matter of some urgency. We want to pump it out by January.