[OWASP-GUIDE] Early draft of CC chapter

Adrian Wiesmann awiesmann at swordlord.org
Tue Jun 8 17:05:55 EDT 2004


> It's about 80% done. Comments are more than welcome. 

Sounds great. And I especially think this is some vacuum within the Guide
which you fill here. 

Here are my comments from the first short review:


> Presenting a CC number safely 

It is not very wise to present the customer with his card number
obfuscated. Bruce Schneier had a good example once. Say a credit card
number is:

1234-5678-4321-7890

Now we buy something in shop A and get this obfuscated number in the
receipt:

xxxx-xxxx-xxxx-7890

Then we go to shop B and get the next receipt with this number:

1234-xxxx-xxxx-xxxx

While both receipts are "secure" or at least no problem, they become one
when we get all these receipts together.


I am not sure about the content and the structure of your chapter. But it
looks very good and I will think about it and let you know when I get some
good ideas :)

Regards,
Adrian
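The following is an added example, not part of Adrian's mail or of the Guide draft under review. It illustrates the point above in code: when two sites mask the same card number with different policies, an attacker who collects both receipts recovers the union of the revealed digits, whereas a single consistent policy (here "last four only") leaks nothing further however many receipts are collected. The card number is the constructed sample from the mail, not a real PAN, and the function names are this example's own.

```python
"""Why the mask applied to a card number must be the same everywhere.

Added example for the OWASP Guide discussion; not code from the Guide.
The card number is the constructed sample from the mailing-list post.
"""

CARD = "1234-5678-4321-7890"  # constructed sample from the post, not a real PAN


def _apply_mask(pan: str, keep: set) -> str:
    """Replace every digit of `pan` whose digit-index is not in `keep` with 'x'.

    Separators (dashes, spaces) are left untouched so the layout of the
    receipt is preserved.
    """
    out, idx = [], 0
    for ch in pan:
        if ch.isdigit():
            out.append(ch if idx in keep else "x")
            idx += 1
        else:
            out.append(ch)
    return "".join(out)


def mask_last4(pan: str) -> str:
    """Policy used by 'shop A' in the post: reveal only the last four digits."""
    n = sum(ch.isdigit() for ch in pan)
    return _apply_mask(pan, set(range(n - 4, n)))


def mask_first4(pan: str) -> str:
    """Policy used by 'shop B' in the post: reveal only the first four digits."""
    return _apply_mask(pan, set(range(4)))


def combine_receipts(receipts):
    """Merge what an attacker learns from several masked copies of one card.

    Every position that is a real digit on at least one receipt is treated as
    known. Returns the reconstructed string and the number of known digits.
    All receipts are assumed to use the same separator layout.
    """
    merged = None
    for r in receipts:
        if merged is None:
            merged = list(r)
        for i, ch in enumerate(r):
            if ch != "x":
                merged[i] = ch
    joined = "".join(merged)
    return joined, sum(ch.isdigit() for ch in joined)


if __name__ == "__main__":
    # Inconsistent policies across shops: the union leaks eight digits.
    print(combine_receipts([mask_last4(CARD), mask_first4(CARD)]))
    # One consistent policy: three receipts still leak only four digits.
    print(combine_receipts([mask_last4(CARD)] * 3))
```

Run stand-alone it prints the merged view for both cases; the second `combine_receipts` call can be given any number of `mask_last4` receipts and the known-digit count stays at four, which is the property a masking policy for the whole Guide should aim for.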