[Owasp-standards] Introduction

owasp-standards-admin at lists.sourceforge.net owasp-standards-admin at lists.sourceforge.net
Thu Jan 5 21:51:55 EST 2006



I just joined the list and wanted to say hello, and introduce myself.  I
have 6+ years of application development experience as it relates to
payment processing at a smaller 3rd party processor, issuer, acquirer
and settlement processor.  I've been involved with a gamut of projects:
Data processing, Internal and External integrations,  Ecommerce
gateways, Terminal development, PC application integration, stored value
systems, both on Microsoft and Linux/UNIX platforms in various languages
and connectivity options. And have experienced a few PCI and other types
of audits from "both sides of the table."


I have not really read the archives or drilled down into the "Strawman"
Doc, but wanted to ask if this document is "Web application" specific,
or would provide guidance to applications that handle cardholder data in
general.  I'm thinking about Payment Terminals, and custom applications
on Hypercom, Verifones, etc. PC application integration, shopping
carts,  real-time and batch processing, POS systems.  Many of these are
not web specific but with broadband are leveraging a web based transport
(HTTPS), or have web based interfaces and hooks into these systems or
their data, and may not be explicitly web apps, but have and leverage
characteristics of.


I just wanted to verify the "scope" and see if any of these other types
of applications while not particularly web applications, are related for
PCI application development, and perhaps some clarification of how this
project relates to the existing OWASP Guide, especially the Handling
e-Commerce Payments section.


I hope to add some insight into the group wherever I can, and read the
archives and strawman where I might be able to answer my own questions.




David Bergert
Supervisor, Technology Risk Management Services
RSM McGladrey, Inc.
201 North Harrison Street, Suite. 300
Davenport, IA 52801
Office: 563-888-4023

Mobile: 563-650-6006
Fax: 563-324-6939
david.bergert at rsmi.com

