[OWASP-GUIDE] Early draft of CC chapter

Adrian Wiesmann awiesmann at swordlord.org
Tue Jun 8 17:05:55 EDT 2004

> It's about 80% done. Comments are more than welcome. 

Sounds great. And I especially think this is some vacuum within the Guide
which you fill here. 

Here are my comments from the first short review:

> Presenting a CC number safely 

It is not very wise to present the customer with his card number
obfuscated. Bruce Schneier had a good example once. Say a credit card
number is:


Now we buy something in shop A and get this obfuscated number in the


Then we go to shop B and get the next receipt with this number:


While both receipts are "secure" or at least no problem, they become one
when we get all these receipts together.

I am not sure about the content and the structure of your chapter. But it
looks very good and I will think about it and let you know when I get some
good ideas :)
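
The point made in the message above, shown as an added example that is not part of the original post: receipts that each hide different digits of the same number can be overlaid to recover it, while one masking rule applied everywhere leaks nothing extra. The card number, the digits each shop shows, and all function names are constructed for illustration.

```python
# Constructed sample number for illustration only (not a real account).
SAMPLE_PAN = "4000123456789017"

def mask(pan, visible):
    """Return pan with every position not listed in `visible` replaced by '*'."""
    return "".join(d if i in visible else "*" for i, d in enumerate(pan))

def last4(pan):
    """One fixed rule for every system: show only the final four digits."""
    return mask(pan, set(range(len(pan) - 4, len(pan))))

def combine(receipts):
    """Overlay masked copies of one number, keeping any digit that any copy shows."""
    if len({len(r) for r in receipts}) != 1:
        raise ValueError("receipts must all have the same length")
    merged = []
    for column in zip(*receipts):
        digits = {c for c in column if c != "*"}
        if len(digits) > 1:
            raise ValueError("receipts disagree, so they are not the same number")
        merged.append(digits.pop() if digits else "*")
    return "".join(merged)

def hidden_digits(masked):
    """Count the positions that are still unknown after overlaying."""
    return masked.count("*")

def audit(pan, policies):
    """Given each system's set of visible positions, report the combined exposure."""
    merged = combine([mask(pan, visible) for visible in policies.values()])
    return merged, hidden_digits(merged)

# Assumed policies: shop A prints the first half, shop B prints the second half.
INCONSISTENT = {"shop_a": set(range(0, 8)), "shop_b": set(range(8, 16))}
# Both shops follow the same rule (last four digits only).
CONSISTENT = {"shop_a": set(range(12, 16)), "shop_b": set(range(12, 16))}

if __name__ == "__main__":
    for name, policies in (("inconsistent", INCONSISTENT), ("consistent", CONSISTENT)):
        merged, hidden = audit(SAMPLE_PAN, policies)
        print(f"{name:12s} combined={merged} still hidden={hidden}")
```
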

