[Owasp-board] Fwd: [PCI and Data Security Compliance] Comment: "Webapplication security survey"

Dinis Cruz dinis at ddplus.net
Thu Nov 9 01:39:33 UTC 2006


Agreed too, Yes

On 11/8/06, Jeff Williams <jeff.williams at owasp.org> wrote:
>
>  Agreed.
>
>
>
> --Jeff
>
>
>  ------------------------------
>
> *From:* owasp-board-bounces at lists.owasp.org [mailto:
> owasp-board-bounces at lists.owasp.org] *On Behalf Of *Andrew van der Stock
> *Sent:* Tuesday, November 07, 2006 11:57 PM
> *To:* owasp-board at lists.owasp.org
> *Subject:* [Owasp-board] Fwd: [PCI and Data Security Compliance] Comment:
> "Webapplication security survey"
>
>
>
> Hi there,
>
>
>
> Should we do this? I think the answer is most definitely yes
>
>
>
> thanks,
>
> Andrew
>
>
>
> Begin forwarded message:
>
>
>
>  *From: *"Michael Dahn" <mike.dahn at volubis.com>
>
> *Date: *8 November 2006 3:43:38 PM
>
> *To: *<vanderaj at owasp.org>
>
> *Subject: **RE: [PCI and Data Security Compliance] Comment: "Web
> application security survey"*
>
>
>
> Hi Andrew,
>
>
>
> I've worked in the PCI space for a while as an assessor and for the last
> year with Visa training the assessors globally.
>
> If there's anything I can do to get the updated list into the next version
> of the PCI SAQ please let me know. I'd also like to know if you have an
> interest in speaking at a PCI conference next year in San Francisco.
>
>
>
> Thanks,
>
> -Mike
>
>
>
> Michael Dahn
>
> Volubis, Inc.
>
> 415-420-4331 cell
>
> 415-738-4916 office
>
> 814-680-5174 e-fax
>
>
>
>
>
> -----Original Message-----
>
>
>
> Comment:
>
> Hi there,
>
>
>
> Thanks for taking the time out to discuss this very important question. We
> would love to work more closely with PCI folks, from peer review of their
> proposed standards, to peer reviewing updated materials they have previously
> adopted from us.
>
>
>
> On this particular point, OWASP believe that automated scanning tools can be
> very useful to reduce the amount of work done by a professional reviewer,
> but they are not a replacement for a professional reviewer. Therefore, I am
> glad that item 6.6 is in the SAP.
>
>
>
> We are revising the OWASP Top 10 right now. The Top 10 2007 will be in this
> year's SANS Top 20 as item C1. We'd really like it if PCI SAP folks and
> indeed anyone who wants to be a peer reviewer of the OWASP Top 10 2007
> contact me (vanderaj @ owasp.org) or Jeff Williams (jeff.williams @
> owasp.org) as a matter of some urgency. We want to pump it out by January.
>
>
>
> thanks,
>
> Andrew
>
>
>
>


-- 
Best regards

Dinis Cruz
OWASP Autumn of Code 2006, http://www.owasp.org/index.php/OAC
OWASP .Net Project, http://www.owasp.org/index.php/.Net