| Subject: | New OWASP project - PCI Web Security Standards |
|---|---|
| Date: | 19 Dec 2005 19:45:00 -0000 |

Hello list,

I'm pleased to announce the start of a new OWASP project focused on creating a proposed set of Web-application Security Standards for sites that process credit card information.

As things currently stand, the payment card industry (PCI - Visa, Mastercard, etc) plan to specify compliance to the OWASP Top Ten as part of successfully passing a scan/audit. Although the Top Ten lists the common threats to web applications, it is neither comprehensive nor testable in a pass/fail methodology.

The OWASP PCI-WASS project aims at producing a set of *minimum* standards a web-application should be tested against if it is to process credit card information. A final goal is to arrive at a set of testable criteria, much the same as the existing PCI security standard.

If this interests you, please visit the project home page at http://www.owasp.org/standards/pci-wass.html. There you will find a strawman document (available at http://www.owasp.org/docroot/owasp/misc/PCI-WASS_Strawman_Draft.doc) to start discussions and set direction.

To marshal comments, ideas, discussions, criticism, and feedback, I have set up another list at owasp-standards@lists.sourceforge.net.

I look forward to your participation.

Cheers,
Mike.