[OWASP-GUIDE] Early draft of CC chapter
awiesmann at swordlord.org
Tue Jun 8 17:05:55 EDT 2004
> It's about 80% done. Comments are more than welcome.
Sounds great. And I especially think this is some vacuum within the Guide
which you fill here.
Here are my comments from the first short review:
> Presenting a CC number safely
It is not very wise to present the customer with his card number
obfuscated. Bruce Schneier had a good example once. Say a credit card
Now we buy something in shop A and get this obfuscated number in the
Then we go to shop B and get the next receipt with this number:
While both receipts are "secure" or at least no problem, they become one
when we get all these receipts together.
I am not sure about the content and the structure of your chapter. But it
looks very good and I will think about it and let you know when I get some
good ideas :)
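
The masking concern raised in the message above, as an added example that is not part of the original post and is not Schneier's own example: two receipts that mask different positions of the same number are overlaid, then compared with one fixed last-four policy. The card number, both shop formats and all function names are constructed for illustration.

```python
MASK = "*"

def merge_masked(views):
    """Overlay masked renderings of one card number, keeping every revealed digit."""
    length = len(views[0])
    if any(len(v) != length for v in views):
        raise ValueError("all views must have the same length")
    merged = []
    for column in zip(*views):
        digits = {c for c in column if c.isdigit()}
        if len(digits) > 1:
            raise ValueError("views disagree, so they are not the same card")
        merged.append(digits.pop() if digits else MASK)
    return "".join(merged)

def hidden_count(view):
    """Number of positions that are still masked."""
    return view.count(MASK)

def mask_last_four(pan):
    """One fixed policy for every receipt: reveal only the last four digits."""
    return MASK * (len(pan) - 4) + pan[-4:]

# Constructed sample data, not a real card number.
PAN = "4000123456789017"
SHOP_A = "40001234********"  # hypothetical shop A prints the first eight digits
SHOP_B = "********56789017"  # hypothetical shop B prints the last eight digits

if __name__ == "__main__":
    leaked = merge_masked([SHOP_A, SHOP_B])
    print("inconsistent masking:", leaked, "hidden:", hidden_count(leaked))

    same_policy = [mask_last_four(PAN), mask_last_four(PAN)]
    safe = merge_masked(same_policy)
    print("consistent masking:  ", safe, "hidden:", hidden_count(safe))
```
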